diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6e66e66db6630..5540fb7fd93e6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,3 +16,28 @@ updates: directory: "/ui/" schedule: interval: "daily" + + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" + + - package-ecosystem: "docker" + directory: "/test/container/" + schedule: + interval: "daily" + + - package-ecosystem: "docker" + directory: "/test/e2e/multiarch-container/" + schedule: + interval: "daily" + + - package-ecosystem: "docker" + directory: "/test/remote/" + schedule: + interval: "daily" + + - package-ecosystem: "docker" + directory: "/ui-test/" + schedule: + interval: "daily" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e64d61328d9f1..0ef3522b87c87 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -11,7 +11,10 @@ Checklist: * [ ] Does this PR require documentation updates? * [ ] I've updated documentation as required by this PR. * [ ] Optional. My organization is added to USERS.md. -* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo) +* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md#legal) * [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged. * [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). +* [ ] My new feature complies with the [feature status](https://github.com/argoproj/argoproj/blob/master/community/feature-status.md) guidelines. +* [ ] I have added a brief description of why this PR is necessary and/or what this PR solves. +Please see [Contribution FAQs](https://argo-cd.readthedocs.io/en/latest/developer-guide/faq/) if you have questions about your pull-request. diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index f8a6e6a267ea1..08fe2a26e0e04 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -51,7 +51,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -116,7 +116,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -183,7 +183,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -269,7 +269,7 @@ jobs: node-version: '12.18.4' - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -304,7 +304,7 @@ jobs: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -398,7 +398,7 @@ jobs: sudo chown runner $HOME/.kube/config kubectl version - name: Restore go build cache - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -426,7 +426,7 @@ jobs: run: | docker pull ghcr.io/dexidp/dex:v2.35.3 docker pull argoproj/argo-cd-ci-builder:v1.0.0 - docker pull redis:7.0.8-alpine + docker pull redis:7.0.9-alpine - name: Create target directory for binaries in the build-process run: | mkdir -p dist diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 2004eb139356c..677e466ee0f87 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -54,7 +54,7 @@ jobs: # build - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - - uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1 + - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 - run: | IMAGE_PLATFORMS=linux/amd64 if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]] diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f213d7fa63dd3..d076dd6372d81 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -205,7 +205,7 @@ jobs: if: ${{ env.DRY_RUN != 'true' }} - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - - uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1 + - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 - name: Build and push Docker image for release run: | set -ue diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 0560d5987f427..42b5cfea72e0e 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -1,4 +1,4 @@ -FROM gitpod/workspace-full +FROM gitpod/workspace-full@sha256:d5787229cd062aceae91109f1690013d3f25062916492fb7f444d13de3186178 USER root diff --git a/Dockerfile b/Dockerfile index 4f4020e966ca3..b8087011e01d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.19 AS builder +FROM docker.io/library/golang:1.19.6@sha256:7ce31d15a3a4dbf20446cccffa4020d3a2974ad2287d96123f55caf22c7adb71 AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:12.18.4 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:12.18.4@sha256:8cfe7e8dc60095a4f9d25a3f0f208503559fa033a15e2ddd87dee85bec101a2e AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19.6@sha256:7ce31d15a3a4dbf20446cccffa4020d3a2974ad2287d96123f55caf22c7adb71 AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd @@ -132,3 +132,4 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth USER $ARGOCD_USER_ID +ENTRYPOINT ["/usr/bin/tini", "--"] diff --git a/Makefile b/Makefile index 24f41e1c98404..9734575a904ba 100644 --- a/Makefile +++ b/Makefile @@ -219,7 +219,7 @@ clidocsgen: ensure-gopath .PHONY: codegen-local -codegen-local: ensure-gopath mod-vendor-local notification-docs notification-catalog gogen protogen clientgen openapigen clidocsgen manifests-local +codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog rm -rf vendor/ .PHONY: codegen diff --git a/README.md b/README.md index 0720dfa7ceebf..9dcf47c1d1bed 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h 1. [Applied GitOps with Argo CD](https://thenewstack.io/applied-gitops-with-argocd/) 1. [Solving configuration drift using GitOps with Argo CD](https://www.cncf.io/blog/2020/12/17/solving-configuration-drift-using-gitops-with-argo-cd/) 1. [Decentralized GitOps over environments](https://blogs.sap.com/2021/05/06/decentralized-gitops-over-environments/) -1. [How GitOps and Operators mark the rise of Infrastructure-As-Software](https://paytmlabs.com/blog/2021/10/how-to-improve-operational-work-with-operators-and-gitops/) 1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA) 1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y) +1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72) diff --git a/USERS.md b/USERS.md index 16845503886c3..8e7894156f13c 100644 --- a/USERS.md +++ b/USERS.md @@ -197,6 +197,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [RapidAPI](https://www.rapidapi.com/) 1. [Recreation.gov](https://www.recreation.gov/) 1. [Red Hat](https://www.redhat.com/) +1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [reev.com](https://www.reev.com/) 1. [RightRev](https://rightrev.com/) 1. [Rise](https://www.risecard.eu/) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index b008c12d3b877..194fc47623a9b 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -53,7 +53,7 @@ const ( ) var ( - preservedAnnotations = []string{ + defaultPreservedAnnotations = []string{ NotifiedAnnotationKey, argov1alpha1.AnnotationKeyRefresh, } @@ -577,9 +577,15 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, found.Operation = generatedApp.Operation } + preservedAnnotations := make([]string, 0) + if applicationSet.Spec.PreservedFields != nil { + preservedAnnotations = append(preservedAnnotations, applicationSet.Spec.PreservedFields.Annotations...) + } // Preserve specially treated argo cd annotations: // * https://github.com/argoproj/applicationset/issues/180 // * https://github.com/argoproj/argo-cd/issues/10500 + preservedAnnotations = append(preservedAnnotations, defaultPreservedAnnotations...) + for _, key := range preservedAnnotations { if state, exists := found.ObjectMeta.Annotations[key]; exists { if generatedApp.Annotations == nil { diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 76e46659d9639..b89d95d671403 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -823,6 +823,73 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, + }, { + name: "Ensure that configured preserved annotations are preserved from an existing app", + appSet: argov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: argov1alpha1.ApplicationSetSpec{ + Template: argov1alpha1.ApplicationSetTemplate{ + Spec: argov1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + PreservedFields: &argov1alpha1.ApplicationPreservedFields{ + Annotations: []string{"preserved-annot-key"}, + }, + }, + }, + existingApps: []argov1alpha1.Application{ + { + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + Namespace: "namespace", + ResourceVersion: "2", + Annotations: map[string]string{ + "annot-key": "annot-value", + "preserved-annot-key": "preserved-annot-value", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, + desiredApps: []argov1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, + expected: []argov1alpha1.Application{ + { + TypeMeta: metav1.TypeMeta{ + Kind: "Application", + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + Namespace: "namespace", + ResourceVersion: "3", + Annotations: map[string]string{ + "preserved-annot-key": "preserved-annot-value", + }, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, }, } { diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index cbd0f36293515..26f8060f2b669 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "os" + "net/http" pathpkg "path" gitlab "github.com/xanzy/go-gitlab" @@ -144,7 +145,11 @@ func (g *GitlabProvider) listBranches(_ context.Context, repo *Repository) ([]gi branches := []gitlab.Branch{} // If we don't specifically want to query for all branches, just use the default branch and call it a day. if !g.allBranches { - gitlabBranch, _, err := g.client.Branches.GetBranch(repo.RepositoryId, repo.Branch, nil) + gitlabBranch, resp, err := g.client.Branches.GetBranch(repo.RepositoryId, repo.Branch, nil) + // 404s are not an error here, just a normal false. + if resp != nil && resp.StatusCode == http.StatusNotFound { + return []gitlab.Branch{}, nil + } if err != nil { return nil, err } @@ -157,6 +162,10 @@ func (g *GitlabProvider) listBranches(_ context.Context, repo *Repository) ([]gi } for { gitlabBranches, resp, err := g.client.Branches.ListBranches(repo.RepositoryId, opt) + // 404s are not an error here, just a normal false. + if resp != nil && resp.StatusCode == http.StatusNotFound { + return []gitlab.Branch{}, nil + } if err != nil { return nil, err } diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index 272eab17c94da..2fd61f28b6eea 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -274,6 +274,8 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } + case "/api/v4/projects/27084533/repository/branches/foo": + w.WriteHeader(http.StatusNotFound) default: _, err := io.WriteString(w, `[]`) if err != nil { @@ -391,3 +393,29 @@ func TestGitlabHasPath(t *testing.T) { }) } } + +func TestGitlabGetBranches(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + gitlabMockHandler(t)(w, r) + })) + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true) + + repo := &Repository{ + RepositoryId: 27084533, + Branch: "master", + } + t.Run("branch exists", func(t *testing.T) { + repos, err := host.GetBranches(context.Background(), repo) + assert.Nil(t, err) + assert.Equal(t, repos[0].Branch, "master") + }) + + repo2 := &Repository{ + RepositoryId: 27084533, + Branch: "foo", + } + t.Run("unknown branch", func(t *testing.T) { + _, err := host.GetBranches(context.Background(), repo2) + assert.NoError(t, err) + }) +} diff --git a/assets/swagger.json b/assets/swagger.json index 4bbb97c796914..9752049fd7efb 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5675,6 +5675,17 @@ } } }, + "v1alpha1ApplicationPreservedFields": { + "type": "object", + "properties": { + "annotations": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "v1alpha1ApplicationSet": { "type": "object", "title": "ApplicationSet is a set of Application resources\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applicationsets,shortName=appset;appsets\n+kubebuilder:subresource:status", @@ -5859,6 +5870,9 @@ "goTemplate": { "type": "boolean" }, + "preservedFields": { + "$ref": "#/definitions/v1alpha1ApplicationPreservedFields" + }, "strategy": { "$ref": "#/definitions/v1alpha1ApplicationSetStrategy" }, @@ -6131,6 +6145,10 @@ "type": "string", "title": "NameSuffix is a suffix appended to resources for Kustomize apps" }, + "namespace": { + "type": "string", + "title": "Namespace sets the namespace that Kustomize adds to all resources" + }, "version": { "type": "string", "title": "Version controls which version of Kustomize to use for rendering manifests" diff --git a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go index ffb5eccc2f450..2b7bae66d6ed0 100644 --- a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go +++ b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go @@ -44,6 +44,14 @@ func NewCommand() *cobra.Command { config, err := plugin.ReadPluginConfig(configFilePath) errors.CheckError(err) + if !config.Spec.Discover.IsDefined() { + name := config.Metadata.Name + if config.Spec.Version != "" { + name = name + "-" + config.Spec.Version + } + log.Infof("No discovery configuration is defined for plugin %s. To use this plugin, specify %q in the Application's spec.source.plugin.name field.", config.Metadata.Name, name) + } + if otlpAddress != "" { var closer func() var err error diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index a9d8c034d7612..dd5833a21b048 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -541,6 +541,11 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command return } + if clusterOpts.InCluster && clusterOpts.ClusterEndpoint != "" { + log.Fatal("Can only use one of --in-cluster or --cluster-endpoint") + return + } + overrides := clientcmd.ConfigOverrides{ Context: *clstContext, } @@ -580,9 +585,13 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command errors.CheckError(err) clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, clusterOpts.ClusterResources, conf, bearerToken, awsAuthConf, execProviderConf, labelsMap, annotationsMap) - if clusterOpts.InCluster { + if clusterOpts.InClusterEndpoint() { clst.Server = argoappv1.KubernetesInternalAPIServerAddr } + if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) { + // Ignore `kube-public` cluster endpoints, since this command is intended to run without invoking any network connections. + log.Warn("kube-public cluster endpoints are not supported. Falling back to the endpoint listed in the kubconfig context.") + } if clusterOpts.Shard >= 0 { clst.Shard = &clusterOpts.Shard } diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index db4d661c21eaf..38daa7ff3cbe7 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -643,6 +643,7 @@ type unsetOpts struct { namePrefix bool nameSuffix bool kustomizeVersion bool + kustomizeNamespace bool kustomizeImages []string parameters []string valuesFiles []string @@ -708,6 +709,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C command.Flags().BoolVar(&opts.nameSuffix, "namesuffix", false, "Kustomize namesuffix") command.Flags().BoolVar(&opts.namePrefix, "nameprefix", false, "Kustomize nameprefix") command.Flags().BoolVar(&opts.kustomizeVersion, "kustomize-version", false, "Kustomize version") + command.Flags().BoolVar(&opts.kustomizeNamespace, "kustomize-namespace", false, "Kustomize namespace") command.Flags().StringArrayVar(&opts.kustomizeImages, "kustomize-image", []string{}, "Kustomize images name (e.g. --kustomize-image node --kustomize-image mysql)") command.Flags().StringArrayVar(&opts.pluginEnvs, "plugin-env", []string{}, "Unset plugin env variables (e.g --plugin-env name)") command.Flags().BoolVar(&opts.passCredentials, "pass-credentials", false, "Unset passCredentials") @@ -716,7 +718,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, nothingToUnset bool) { if source.Kustomize != nil { - if !opts.namePrefix && !opts.nameSuffix && !opts.kustomizeVersion && len(opts.kustomizeImages) == 0 { + if !opts.namePrefix && !opts.nameSuffix && !opts.kustomizeVersion && !opts.kustomizeNamespace && len(opts.kustomizeImages) == 0 { return false, true } @@ -735,6 +737,11 @@ func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, n source.Kustomize.Version = "" } + if opts.kustomizeNamespace && source.Kustomize.Namespace != "" { + updated = true + source.Kustomize.Namespace = "" + } + for _, kustomizeImage := range opts.kustomizeImages { for i, item := range source.Kustomize.Images { if argoappv1.KustomizeImage(kustomizeImage).Match(item) { diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index fa8a50d05c25f..a1d1589540af0 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -93,9 +93,17 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie cmdutil.PrintKubeContexts(configAccess) os.Exit(1) } + + if clusterOpts.InCluster && clusterOpts.ClusterEndpoint != "" { + log.Fatal("Can only use one of --in-cluster or --cluster-endpoint") + return + } + contextName := args[0] conf, err := getRestConfig(pathOpts, contextName) errors.CheckError(err) + clientset, err := kubernetes.NewForConfig(conf) + errors.CheckError(err) managerBearerToken := "" var awsAuthConf *argoappv1.AWSAuthConfig var execProviderConf *argoappv1.ExecProviderConfig @@ -114,13 +122,10 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie } } else { // Install RBAC resources for managing the cluster - clientset, err := kubernetes.NewForConfig(conf) - errors.CheckError(err) if clusterOpts.ServiceAccount != "" { managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, clusterOpts.SystemNamespace, clusterOpts.ServiceAccount, common.BearerTokenTimeout) } else { isTerminal := isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) - if isTerminal && !skipConfirmation { accessLevel := "cluster" if len(clusterOpts.Namespaces) > 0 { @@ -147,9 +152,18 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie contextName = clusterOpts.Name } clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, clusterOpts.ClusterResources, conf, managerBearerToken, awsAuthConf, execProviderConf, labelsMap, annotationsMap) - if clusterOpts.InCluster { + if clusterOpts.InClusterEndpoint() { clst.Server = argoappv1.KubernetesInternalAPIServerAddr + } else if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) { + endpoint, err := cmdutil.GetKubePublicEndpoint(clientset) + if err != nil || len(endpoint) == 0 { + log.Warnf("Failed to find the cluster endpoint from kube-public data: %v", err) + log.Infof("Falling back to the endpoint '%s' as listed in the kubeconfig context", clst.Server) + endpoint = clst.Server + } + clst.Server = endpoint } + if clusterOpts.Shard >= 0 { clst.Shard = &clusterOpts.Shard } diff --git a/cmd/util/app.go b/cmd/util/app.go index e80950533b054..e24decec98adb 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -69,6 +69,7 @@ type AppOptions struct { kustomizeCommonAnnotations []string kustomizeForceCommonLabels bool kustomizeForceCommonAnnotations bool + kustomizeNamespace string pluginEnvs []string Validate bool directoryExclude string @@ -123,6 +124,7 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringArrayVar(&opts.kustomizeCommonAnnotations, "kustomize-common-annotation", []string{}, "Set common labels in Kustomize") command.Flags().BoolVar(&opts.kustomizeForceCommonLabels, "kustomize-force-common-label", false, "Force common labels in Kustomize") command.Flags().BoolVar(&opts.kustomizeForceCommonAnnotations, "kustomize-force-common-annotation", false, "Force common annotations in Kustomize") + command.Flags().StringVar(&opts.kustomizeNamespace, "kustomize-namespace", "", "Kustomize namespace") command.Flags().StringVar(&opts.directoryExclude, "directory-exclude", "", "Set glob expression used to exclude files from application source path") command.Flags().StringVar(&opts.directoryInclude, "directory-include", "", "Set glob expression used to include files from application source path") command.Flags().Int64Var(&opts.retryLimit, "sync-retry-limit", 0, "Max number of allowed sync retries") @@ -220,6 +222,8 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap setKustomizeOpt(source, kustomizeOpts{images: appOpts.kustomizeImages}) case "kustomize-version": setKustomizeOpt(source, kustomizeOpts{version: appOpts.kustomizeVersion}) + case "kustomize-namespace": + setKustomizeOpt(source, kustomizeOpts{namespace: appOpts.kustomizeNamespace}) case "kustomize-common-label": parsedLabels, err := label.Parse(appOpts.kustomizeCommonLabels) errors.CheckError(err) @@ -333,6 +337,7 @@ type kustomizeOpts struct { commonAnnotations map[string]string forceCommonLabels bool forceCommonAnnotations bool + namespace string } func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) { @@ -348,6 +353,9 @@ func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) { if opts.nameSuffix != "" { src.Kustomize.NameSuffix = opts.nameSuffix } + if opts.namespace != "" { + src.Kustomize.Namespace = opts.namespace + } if opts.commonLabels != nil { src.Kustomize.CommonLabels = opts.commonLabels } diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index 2e8ddc9e0fee7..d5a4ed2701ea1 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -91,6 +91,11 @@ func Test_setKustomizeOpt(t *testing.T) { setKustomizeOpt(&src, kustomizeOpts{version: "v0.1"}) assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Version: "v0.1"}, src.Kustomize) }) + t.Run("Namespace", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setKustomizeOpt(&src, kustomizeOpts{namespace: "custom-namespace"}) + assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Namespace: "custom-namespace"}, src.Kustomize) + }) t.Run("Common labels", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setKustomizeOpt(&src, kustomizeOpts{commonLabels: map[string]string{"foo1": "bar1", "foo2": "bar2"}}) diff --git a/cmd/util/cluster.go b/cmd/util/cluster.go index 1da0e53709993..7ceeca0d15e99 100644 --- a/cmd/util/cluster.go +++ b/cmd/util/cluster.go @@ -1,20 +1,33 @@ package util import ( + "context" "fmt" "os" "sort" "strings" "text/tabwriter" + "github.com/ghodss/yaml" "github.com/spf13/cobra" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + clientcmdapiv1 "k8s.io/client-go/tools/clientcmd/api/v1" argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/errors" ) +type ClusterEndpoint string + +const ( + KubeConfigEndpoint ClusterEndpoint = "kubeconfig" + KubePublicEndpoint ClusterEndpoint = "kube-public" + KubeInternalEndpoint ClusterEndpoint = "internal" +) + func PrintKubeContexts(ca clientcmd.ConfigAccess) { config, err := ca.GetStartingConfig() errors.CheckError(err) @@ -102,6 +115,30 @@ func NewCluster(name string, namespaces []string, clusterResources bool, conf *r return &clst } +// GetKubePublicEndpoint returns the kubernetes apiserver endpoint as published +// in the kube-public. +func GetKubePublicEndpoint(client kubernetes.Interface) (string, error) { + clusterInfo, err := client.CoreV1().ConfigMaps("kube-public").Get(context.TODO(), "cluster-info", metav1.GetOptions{}) + if err != nil { + return "", err + } + kubeconfig, ok := clusterInfo.Data["kubeconfig"] + if !ok { + return "", fmt.Errorf("cluster-info does not contain a public kubeconfig") + } + // Parse Kubeconfig and get server address + config := &clientcmdapiv1.Config{} + err = yaml.Unmarshal([]byte(kubeconfig), config) + if err != nil { + return "", fmt.Errorf("failed to parse cluster-info kubeconfig: %v", err) + } + if len(config.Clusters) == 0 { + return "", fmt.Errorf("cluster-info kubeconfig does not have any clusters") + } + + return config.Clusters[0].Cluster.Server, nil +} + type ClusterOptions struct { InCluster bool Upsert bool @@ -119,6 +156,13 @@ type ClusterOptions struct { ExecProviderEnv map[string]string ExecProviderAPIVersion string ExecProviderInstallHint string + ClusterEndpoint string +} + +// InClusterEndpoint returns true if ArgoCD should reference the in-cluster +// endpoint when registering the target cluster. +func (o ClusterOptions) InClusterEndpoint() bool { + return o.InCluster || o.ClusterEndpoint == string(KubeInternalEndpoint) } func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) { @@ -135,4 +179,5 @@ func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) { command.Flags().StringToStringVar(&opts.ExecProviderEnv, "exec-command-env", nil, "Environment vars to set when running the --exec-command executable") command.Flags().StringVar(&opts.ExecProviderAPIVersion, "exec-command-api-version", "", "Preferred input version of the ExecInfo for the --exec-command executable") command.Flags().StringVar(&opts.ExecProviderInstallHint, "exec-command-install-hint", "", "Text shown to the user when the --exec-command executable doesn't seem to be present") + command.Flags().StringVar(&opts.ClusterEndpoint, "cluster-endpoint", "", "Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.") } diff --git a/cmd/util/cluster_test.go b/cmd/util/cluster_test.go index 6afea6fa7c17c..bb6de1a4a213b 100644 --- a/cmd/util/cluster_test.go +++ b/cmd/util/cluster_test.go @@ -4,8 +4,14 @@ import ( "strings" "testing" + "github.com/ghodss/yaml" "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" + clientcmdapiv1 "k8s.io/client-go/tools/clientcmd/api/v1" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -69,3 +75,109 @@ func Test_newCluster(t *testing.T) { assert.Nil(t, clusterWithBearerToken.Labels) assert.Nil(t, clusterWithBearerToken.Annotations) } + +func TestGetKubePublicEndpoint(t *testing.T) { + cases := []struct { + name string + clusterInfo *corev1.ConfigMap + expectedEndpoint string + expectError bool + }{ + { + name: "has public endpoint", + clusterInfo: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-public", + Name: "cluster-info", + }, + Data: map[string]string{ + "kubeconfig": kubeconfigFixture("https://test-cluster:6443"), + }, + }, + expectedEndpoint: "https://test-cluster:6443", + }, + { + name: "no cluster-info", + expectError: true, + }, + { + name: "no kubeconfig in cluster-info", + clusterInfo: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-public", + Name: "cluster-info", + }, + Data: map[string]string{ + "argo": "the project, not the movie", + }, + }, + expectError: true, + }, + { + name: "no clusters in cluster-info kubeconfig", + clusterInfo: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-public", + Name: "cluster-info", + }, + Data: map[string]string{ + "kubeconfig": kubeconfigFixture(""), + }, + }, + expectError: true, + }, + { + name: "can't parse kubeconfig", + clusterInfo: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-public", + Name: "cluster-info", + }, + Data: map[string]string{ + "kubeconfig": "this is not valid YAML", + }, + }, + expectError: true, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + objects := []runtime.Object{} + if tc.clusterInfo != nil { + objects = append(objects, tc.clusterInfo) + } + clientset := fake.NewSimpleClientset(objects...) + endpoint, err := GetKubePublicEndpoint(clientset) + if err != nil && !tc.expectError { + t.Fatalf("unexpected error: %v", err) + } + if err == nil && tc.expectError { + t.Error("expected error to be returned, received none") + } + if endpoint != tc.expectedEndpoint { + t.Errorf("expected endpoint %s, got %s", tc.expectedEndpoint, endpoint) + } + }) + } + +} + +func kubeconfigFixture(endpoint string) string { + kubeconfig := &clientcmdapiv1.Config{} + if len(endpoint) > 0 { + kubeconfig.Clusters = []clientcmdapiv1.NamedCluster{ + { + Name: "test-kube", + Cluster: clientcmdapiv1.Cluster{ + Server: endpoint, + }, + }, + } + } + configYAML, err := yaml.Marshal(kubeconfig) + if err != nil { + return "" + } + return string(configYAML) +} diff --git a/cmpserver/plugin/config.go b/cmpserver/plugin/config.go index 3d07585ccae77..4dc564821257a 100644 --- a/cmpserver/plugin/config.go +++ b/cmpserver/plugin/config.go @@ -29,12 +29,16 @@ type PluginConfigSpec struct { Parameters Parameters `yaml:"parameters"` } -//Discover holds find and fileName +// Discover holds find and fileName type Discover struct { Find Find `json:"find"` FileName string `json:"fileName"` } +func (d Discover) IsDefined() bool { + return d.FileName != "" || d.Find.Glob == "" || len(d.Find.Command.Command) > 0 +} + // Command holds binary path and arguments list type Command struct { Command []string `json:"command,omitempty"` diff --git a/docs/2.7-2.8.md b/docs/2.7-2.8.md new file mode 100644 index 0000000000000..32f9e4cf1759c --- /dev/null +++ b/docs/2.7-2.8.md @@ -0,0 +1,5 @@ +# 2.7 to 2.8 + +## Tini as entrypoint + +With the 2.8 release `entrypoint.sh` will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to `tini` in the `Dockerfile` explicitly, and the kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on `entrypoint.sh` instead of `tini`. Please make sure the manifests are updated properly before moving to 2.8. diff --git a/docs/developer-guide/faq.md b/docs/developer-guide/faq.md index 0a8d936477bb4..5d9dda31949f7 100644 --- a/docs/developer-guide/faq.md +++ b/docs/developer-guide/faq.md @@ -6,11 +6,20 @@ Sure thing! You can either open an Enhancement Proposal in our GitHub issue tracker or you can [join us on Slack](https://argoproj.github.io/community/join-slack) in channel #argo-contributors to discuss your ideas and get guidance for submitting a PR. +!!! note + Regular [contributor meetings](https://argo-cd.readthedocs.io/en/latest/developer-guide/code-contributions/#regular-contributor-meeting) are held weekly. Please follow the link for more details. + ### No one has looked at my PR yet. Why? -As we have limited manpower, it can sometimes take a while for someone to respond to your PR. Especially, when your PR contains complex or non-obvious changes. Please bear with us, we try to look at every PR that we receive. +As we have limited resources, it can sometimes take a while for someone to respond to your PR. Especially, when your PR contains complex or non-obvious changes. Please bear with us, we try to look at every PR that we receive. Kindly ensure all applicable requirements have been met in your PR checklist. + +### How do I get my PR labeled `ready-for-review` ? + +Conventionally an initial review is performed from a Argo member or reviewer. Once the initial review is approved, it can be labeled `ready-for-review` and then added to the [Argo CD Review](https://github.com/orgs/argoproj/projects/28) Github project. Details of the project dashboard can be found [here](https://github.com/orgs/argoproj/projects/28?pane=info). + +High quality reviews are extremely encouraged from the community. A member/reviewer may work with a community reviewer to get a PR labeled `ready-for-review`. It can then be added to the project dashboard and marked `Community Reviewed`. -### Why has my PR been declined? I put much work in it! +### Why has my PR been declined? I put so much work into it! We appreciate that you have put your valuable time and know how into a contribution. Alas, some changes do not fit into the overall ArgoCD philosophy, and therefore can't be merged into the official ArgoCD source tree. diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 28543a436e728..37c4fb3ca1a10 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -85,6 +85,7 @@ spec: images: - gcr.io/heptio-images/ks-guestbook-demo:0.2 - my-app=gcr.io/my-repo/my-app:0.1 + namespace: custom-namespace # directory directory: diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index f0bf6d37693ba..0e1e29f43359c 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -121,6 +121,37 @@ cd applicationset/manifests kubectl apply -n argocd -f install.yaml ``` +## Preserving changes made to an Applications annotations + +It is common practice in Kubernetes to store state in annotations, operators will often make use of this. To allow for this, it is possible to configure a list of annotations that the ApplicationSet should preserve when reconciling. + +For example, imagine that we have an Application created from an ApplicationSet, but a custom annotation has since been added (to the Application) that does not exist in the `ApplicationSet` resource: +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + annotations: + # This annotation exists only on this Application, and not in + # the parent ApplicationSet template: + my-custom-annotation: some-value +spec: + # (...) +``` + +To preserve this annotation we can use the `preservedFields` property of the `ApplicationSet` like so: +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +spec: + # (...) + preservedFields: + annotations: ["my-custom-annotation"] +``` + +The ApplicationSet controller will leave this annotation as-is when reconciling, even though it is not an annotation defined in the metadata of the ApplicationSet itself. + +By default, the Argo CD notifications and the Argo CD refresh type annotations are also preserved. + ## Limitations: what isn't supported as of the current release Here is a list of commonly requested resource modification features which are not supported as of the current release. This lack of support is *not* necessarily by design; rather these behaviours are documented here to provide clear, concise descriptions of the current state of the feature. @@ -144,22 +175,22 @@ As of this writing, there is [an issue open](https://github.com/argoproj/applica ### Limitation: ApplicationSet controller will not selectively ignore changes to individual fields -There is currently no way to instruct the ApplicationSet controller to ignore changes to individual fields of Applications. +Currently, you can only instruct the ApplicationSet controller to ignore changes to Application annotations. For example, imagine that we have an Application created from an ApplicationSet, but a user has attempted to add a custom annotation (to the Application) that does not exist in the `ApplicationSet` resource: ```yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - annotations: - # This annotation exists only on this Application, and not in + labels: + # This label exists only on this Application, and not in # the parent ApplicationSet template: - my-custom-annotation: some-value + my-custom-label: some-value spec: # (...) ``` -As above, the `ApplicationSet` resource does not have a `my-custom-annotation: some-value` annotation in the `.spec.template.annotations` for the Application. +As above, the `ApplicationSet` resource does not have a `my-custom-label: some-value` label in the `.spec.template.labels` for the Application. Since this field is not in the ApplicationSet template, as soon as a user adds this custom annotation, it will be immediately reverted (removed) by the ApplicationSet controller. @@ -167,6 +198,6 @@ There is currently no support for disabling or customizing this behaviour. To some extent this is by design: the main principle of ApplicationSets is that we maintain a 1-to-many relationship between the ApplicationSet and the Applications that it owns, such that all the Applications necessarily conform to a strict template. -This provides the advantages of the 'cattle not pets' philosophy of microservice/cloud native application resource management, wherein you don't need to worry about individual Applications differing from each other in subtle ways: they will all necessarily be reconciled to be consistent with the parent template. +This provides the advantages of the 'cattle not pets' philosophy of microservice/cloud native application resource management, wherein you don't need to worry about individual Applications differing from each other in subtle ways: they will all necessarily be reconciled to be consistent with the parent template. -BUT, admittedly, that is not always desirable 100% of the time, and there may be a better balance to be found, so discussions are continuing on GitHub and Slack. +BUT, support exists for preserving changes to Application annotations as documented [above](#preserving-changes-made-to-an-applications-annotations). diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md new file mode 100644 index 0000000000000..20f367ada7a1f --- /dev/null +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -0,0 +1,43 @@ +# Post Selector all generators + +The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. In the example, the list generator generates a set of two application which then filter by the key value to only select the `env` with value `staging`: + +## Example: List generator + Post Selector +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook +spec: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging + - cluster: engineering-prod + url: https://kubernetes.default.svc + env: prod + selector: + matchLabels: + env: staging + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + source: + repoURL: https://github.com/argoproj-labs/applicationset.git + targetRevision: HEAD + path: examples/list-generator/guestbook/{{cluster}} + destination: + server: '{{url}}' + namespace: guestbook +``` + +The List generator + Post Selector generates a single set of parameters: +```yaml +- cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging +``` \ No newline at end of file diff --git a/docs/operator-manual/applicationset/Generators.md b/docs/operator-manual/applicationset/Generators.md index cd61db5da7918..5c162463d6e89 100644 --- a/docs/operator-manual/applicationset/Generators.md +++ b/docs/operator-manual/applicationset/Generators.md @@ -15,4 +15,6 @@ As of this writing there are eight generators: - [Pull Request generator](Generators-Pull-Request.md): The Pull Request generator uses the API of an SCMaaS provider (eg GitHub) to automatically discover open pull requests within an repository. - [Cluster Decision Resource generator](Generators-Cluster-Decision-Resource.md): The Cluster Decision Resource generator is used to interface with Kubernetes custom resources that use custom resource-specific logic to decide which set of Argo CD clusters to deploy to. +All generators can be filtered by using the [Post Selector](Generators-Post-Selector.md) + If you are new to generators, begin with the **List** and **Cluster** generators. For more advanced use cases, see the documentation for the remaining generators above. diff --git a/docs/operator-manual/upgrading/2.6-2.7.md b/docs/operator-manual/upgrading/2.6-2.7.md index fa5e9ea9f7841..b31bedf8e51dc 100644 --- a/docs/operator-manual/upgrading/2.6-2.7.md +++ b/docs/operator-manual/upgrading/2.6-2.7.md @@ -36,7 +36,7 @@ p, role:org-admin, extensions, invoke, my-proj/*, allow ## Upgraded Helm Version -Note that bundled Helm version has been upgraded from 3.10.3 to 3.11.1. +Note that bundled Helm version has been upgraded from 3.10.3 to 3.11.2. [1]: ../../developer-guide/extensions/proxy-extensions.md [2]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource @@ -45,3 +45,9 @@ Note that bundled Helm version has been upgraded from 3.10.3 to 3.11.1. Argo CD 2.7 upgrades Sprig templating specifically within Argo CD notifications to v3. That upgrade includes an upgrade of [Masterminds/semver](https://github.com/Masterminds/semver/releases) to v3. Masterminds/semver v3 changed the behavior of the `^` prefix in semantic version constraints. If you are using sprig template functions in your notifications templates which include references to [Sprig's semver functions](https://masterminds.github.io/sprig/semver.html) and use the `^` prefix, read the [Masterminds/semver changelog](https://github.com/Masterminds/semver/releases/tag/v3.0.0) to understand how your notifications' behavior may change. + +## Tini as entrypoint + +The manifests are now using [`tini` as entrypoint][1], instead of `entrypoint.sh`. Until 2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to 2.7, and before upgrading to 2.8 later. In case the manifests are updated before moving to 2.8, the containers will not be able to start. + +[1]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index 736f84c911e22..0c1ede757c324 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -37,6 +37,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ +* [v2.6 to v2.7](./2.6-2.7.md) * [v2.5 to v2.6](./2.5-2.6.md) * [v2.4 to v2.5](./2.4-2.5.md) * [v2.3 to v2.4](./2.3-2.4.md) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 9801e292d3b44..efc5b96e2a4d2 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -17,46 +17,46 @@ recent minor releases. | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | | [haproxy:2.6.9-alpine](master/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 14 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 14 | | [redis:7.0.8-alpine](master/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.3 +### v2.6.4 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.3/argocd-test.html) | 0 | 1 | 0 | 0 | -| [ui/yarn.lock](v2.6.3/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.35.3](v2.6.3/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | -| [haproxy:2.6.2-alpine](v2.6.3/haproxy_2.6.2-alpine.html) | 0 | 3 | 1 | 0 | -| [argocd:v2.6.3](v2.6.3/quay.io_argoproj_argocd_v2.6.3.html) | 0 | 0 | 3 | 14 | -| [redis:7.0.7-alpine](v2.6.3/redis_7.0.7-alpine.html) | 0 | 6 | 1 | 1 | -| [install.yaml](v2.6.3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.4/argocd-test.html) | 0 | 2 | 0 | 0 | +| [ui/yarn.lock](v2.6.4/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.35.3](v2.6.4/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | +| [haproxy:2.6.9-alpine](v2.6.4/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.6.4](v2.6.4/quay.io_argoproj_argocd_v2.6.4.html) | 0 | 0 | 0 | 14 | +| [redis:7.0.8-alpine](v2.6.4/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.4/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.4/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.12 +### v2.5.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.12/argocd-test.html) | 0 | 0 | 3 | 0 | -| [ui/yarn.lock](v2.5.12/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.5.12/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | -| [haproxy:2.6.2-alpine](v2.5.12/haproxy_2.6.2-alpine.html) | 0 | 3 | 1 | 0 | -| [argocd:v2.5.12](v2.5.12/quay.io_argoproj_argocd_v2.5.12.html) | 0 | 0 | 3 | 14 | -| [redis:7.0.7-alpine](v2.5.12/redis_7.0.7-alpine.html) | 0 | 6 | 1 | 1 | -| [install.yaml](v2.5.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.12/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.13/argocd-test.html) | 0 | 1 | 3 | 0 | +| [ui/yarn.lock](v2.5.13/argocd-test.html) | 0 | 0 | 4 | 0 | +| [dex:v2.35.3](v2.5.13/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | +| [haproxy:2.6.9-alpine](v2.5.13/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.13](v2.5.13/quay.io_argoproj_argocd_v2.5.13.html) | 0 | 0 | 0 | 14 | +| [redis:7.0.8-alpine](v2.5.13/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.4.24 +### v2.4.25 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.4.24/argocd-test.html) | 0 | 0 | 3 | 0 | -| [ui/yarn.lock](v2.4.24/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.4.24/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | -| [haproxy:2.0.29-alpine](v2.4.24/haproxy_2.0.29-alpine.html) | 0 | 3 | 1 | 0 | -| [argocd:v2.4.24](v2.4.24/quay.io_argoproj_argocd_v2.4.24.html) | 0 | 0 | 3 | 14 | -| [redis:7.0.7-alpine](v2.4.24/redis_7.0.7-alpine.html) | 0 | 6 | 1 | 1 | -| [install.yaml](v2.4.24/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.4.24/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.4.25/argocd-test.html) | 0 | 1 | 3 | 0 | +| [ui/yarn.lock](v2.4.25/argocd-test.html) | 0 | 0 | 4 | 0 | +| [dex:v2.35.3](v2.4.25/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 | +| [haproxy:2.0.31-alpine](v2.4.25/haproxy_2.0.31-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.4.25](v2.4.25/quay.io_argoproj_argocd_v2.4.25.html) | 0 | 0 | 0 | 14 | +| [redis:7.0.8-alpine](v2.4.25/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.4.25/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.4.25/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 76fe1dce66554..b9a1e86ab0c68 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

March 5th 2023, 12:19:45 am

+

March 12th 2023, 12:16:57 am

Scanned the following path: @@ -466,7 +466,7 @@

Snyk test report

-
32 total issues
+
41 total issues
@@ -507,7 +507,7 @@

Role with dangerous permissions

  • - Line number: 15180 + Line number: 15319
    • @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 15257 + Line number: 15396
    • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 15285 + Line number: 15424
    • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 15329 + Line number: 15468
    • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 15311 + Line number: 15450
    • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 15345 + Line number: 15484
    • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 16349 + Line number: 16487
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 15812 + Line number: 15951
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 15985 + Line number: 16123
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 15951 + Line number: 16089
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 16041 + Line number: 16179
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 16115 + Line number: 16253
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 16349 + Line number: 16487
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 16171 + Line number: 16309
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 16434 + Line number: 16572
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 16738 + Line number: 16876
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 15965 + Line number: 16103
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 16125 + Line number: 16263
    • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 15812 + Line number: 15951
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 15951 + Line number: 16089
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 15985 + Line number: 16123
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 16115 + Line number: 16253
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 16349 + Line number: 16487
    • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 15812 + Line number: 15951
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 15951 + Line number: 16089
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 15985 + Line number: 16123
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 16041 + Line number: 16179
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 16115 + Line number: 16253
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 16349 + Line number: 16487
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 16171 + Line number: 16309
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 16434 + Line number: 16572
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 16738 + Line number: 16876
    • @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16026 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16131 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16106 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 44] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16187 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16263 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16494 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16460 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 47] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16786 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 48] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 17012 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 271e6be5713f3..7d6bb20f74cc4 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:19:55 am

    +

    March 12th 2023, 12:17:08 am

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    32 total issues
    +
    41 total issues
    @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1153 + Line number: 1152
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 789 + Line number: 788
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 755 + Line number: 754
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 845 + Line number: 844
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 919 + Line number: 918
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1153 + Line number: 1152
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 975 + Line number: 974
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1238 + Line number: 1237
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1542 + Line number: 1541
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 769 + Line number: 768
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 929 + Line number: 928
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 755 + Line number: 754
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 789 + Line number: 788
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 919 + Line number: 918
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 1153 + Line number: 1152
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 755 + Line number: 754
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 789 + Line number: 788
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 845 + Line number: 844
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 919 + Line number: 918
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 1153 + Line number: 1152
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 975 + Line number: 974
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 1238 + Line number: 1237
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 1542 + Line number: 1541
    • @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 35] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 691 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 796 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 771 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 37] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 852 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 38] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 928 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1159 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1125 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1451 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 41] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1677 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 14291f6e1cfce..f53a663f75398 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:17:26 am

    +

    March 12th 2023, 12:14:51 am

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html index 61523750c8808..40471bd87cf1d 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:17:36 am

    +

    March 12th 2023, 12:15:01 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    8 known vulnerabilities
    -
    35 vulnerable dependency paths
    +
    9 known vulnerabilities
    +
    37 vulnerable dependency paths
    756 dependencies
    @@ -873,6 +873,94 @@

    References

    More about this vulnerability

    + +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    + +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -932,8 +1020,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1293,8 +1381,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    diff --git a/docs/snyk/master/haproxy_2.6.9-alpine.html b/docs/snyk/master/haproxy_2.6.9-alpine.html index 32658fcbd9781..e75e5fc8e0900 100644 --- a/docs/snyk/master/haproxy_2.6.9-alpine.html +++ b/docs/snyk/master/haproxy_2.6.9-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:17:42 am

    +

    March 12th 2023, 12:15:08 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index fdea89b3691f3..e68797bd66892 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:18:07 am

    +

    March 12th 2023, 12:15:31 am

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    22 known vulnerabilities
    -
    99 vulnerable dependency paths
    -
    2061 dependencies
    +
    19 known vulnerabilities
    +
    87 vulnerable dependency paths
    +
    2056 dependencies
    @@ -525,8 +525,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -615,8 +615,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
    
-        
    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
+        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
+        Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
         
    PoC
    
         
    package main
         
@@ -645,7 +645,7 @@ 
    References
    -

    Denial of Service

    +

    Denial of Service (DoS)

    @@ -661,12 +661,12 @@

    Denial of Service

  • Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/http2/hpack
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd
    • @@ -677,11 +677,20 @@

    Denial of Service

    Detailed paths

      +
    • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd + + + +
    • Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2/hpack@v0.5.0 @@ -693,20 +702,33 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

      +

      Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -732,7 +754,7 @@

    Denial of Service (DoS)

  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    • @@ -747,7 +769,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.5.0 @@ -759,8 +781,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -789,178 +811,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Off-by-one Error

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - systemd/libsystemd0 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.6 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - procps/libprocps8@2:3.3.17-6ubuntu2 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Improper Input Validation

    @@ -1004,15 +854,6 @@

    Detailed paths

    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/text/language@v0.3.7 - - - -
    • @@ -1038,151 +879,6 @@

    References

    More about this vulnerability

    - -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    CVE-2022-46908

    diff --git a/docs/snyk/master/redis_7.0.8-alpine.html b/docs/snyk/master/redis_7.0.8-alpine.html index 268aa8edac4c8..53fb749e2ce17 100644 --- a/docs/snyk/master/redis_7.0.8-alpine.html +++ b/docs/snyk/master/redis_7.0.8-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:18:13 am

    +

    March 12th 2023, 12:15:39 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.24/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.24/haproxy_2.0.29-alpine.html deleted file mode 100644 index 3784836b7c65e..0000000000000 --- a/docs/snyk/v2.4.24/haproxy_2.0.29-alpine.html +++ /dev/null @@ -1,1109 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    March 5th 2023, 12:25:30 am

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.0.29-alpine (apk)
      • -
    -
    - -
    -
    4 known vulnerabilities
    -
    36 vulnerable dependency paths
    -
    17 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.0.29-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.0.29-alpine and openssl/libcrypto1.1@1.1.1s-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.0.29-alpine and openssl/libcrypto1.1@1.1.1s-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.0.29-alpine and openssl/libcrypto1.1@1.1.1s-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.0.29-alpine and openssl/libcrypto1.1@1.1.1s-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - .haproxy-rundeps@20221112.055308 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.0.29-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1s-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.24/redis_7.0.7-alpine.html b/docs/snyk/v2.4.24/redis_7.0.7-alpine.html deleted file mode 100644 index d8a1e69e11e0d..0000000000000 --- a/docs/snyk/v2.4.24/redis_7.0.7-alpine.html +++ /dev/null @@ -1,1721 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    March 5th 2023, 12:25:58 am

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.7-alpine (apk)
      • -
    -
    - -
    -
    8 known vulnerabilities
    -
    72 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.7-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4203

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.24/argocd-iac-install.html b/docs/snyk/v2.4.25/argocd-iac-install.html similarity index 79% rename from docs/snyk/v2.4.24/argocd-iac-install.html rename to docs/snyk/v2.4.25/argocd-iac-install.html index 9cbf1c40d362c..3e9c3b5f11c44 100644 --- a/docs/snyk/v2.4.24/argocd-iac-install.html +++ b/docs/snyk/v2.4.25/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:26:54 am

    +

    March 12th 2023, 12:23:17 am

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    32 total issues
    +
    41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9702 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9794 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9773 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 44] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9837 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9911 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10107 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10075 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 47] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10366 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 48] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10567 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.4.24/argocd-iac-namespace-install.html b/docs/snyk/v2.4.25/argocd-iac-namespace-install.html similarity index 79% rename from docs/snyk/v2.4.24/argocd-iac-namespace-install.html rename to docs/snyk/v2.4.25/argocd-iac-namespace-install.html index 0baa613cf873e..43c7e499a0a30 100644 --- a/docs/snyk/v2.4.24/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.25/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:27:03 am

    +

    March 12th 2023, 12:23:27 am

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    32 total issues
    +
    41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 35] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 627 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 719 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 698 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 37] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 762 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 38] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 836 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1032 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1000 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1291 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 41] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1492 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.4.24/argocd-test.html b/docs/snyk/v2.4.25/argocd-test.html similarity index 77% rename from docs/snyk/v2.4.24/argocd-test.html rename to docs/snyk/v2.4.25/argocd-test.html index 5846562ee7f4e..f7747bf8bfecd 100644 --- a/docs/snyk/v2.4.24/argocd-test.html +++ b/docs/snyk/v2.4.25/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:25:14 am

    +

    March 12th 2023, 12:21:48 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    7 known vulnerabilities
    -
    313 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    402 vulnerable dependency paths
    1656 dependencies
    @@ -476,6 +476,1849 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/soheilhy/cmux@0.1.5 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.45.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.45.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/rbac/v1@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/core/v1@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/errors@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/equality@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/dynamic@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/transport/spdy@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/testing@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.45.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.45.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/openapi@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/managedfields@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/resource@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/record@0.23.1 + › + k8s.io/client-go/tools/reference@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.23.1 + › + k8s.io/client-go/pkg/apis/clientauthentication@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/util/retry@0.23.1 + › + k8s.io/apimachinery/pkg/api/errors@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/resource@0.23.1 + › + k8s.io/api/core/v1@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/health@0.7.3 + › + k8s.io/kubectl/pkg/util/podutils@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/validation@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/portforward@0.23.1 + › + k8s.io/api/core/v1@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery/fake@0.23.1 + › + k8s.io/client-go/testing@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/fake@0.23.1 + › + k8s.io/client-go/testing@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/remotecommand@0.23.1 + › + k8s.io/client-go/transport/spdy@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/cache@0.7.3 + › + k8s.io/kubectl/pkg/util/openapi@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync@0.7.3 + › + k8s.io/kubectl/pkg/util/openapi@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + › + k8s.io/kubectl/pkg/util/openapi@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/listers/core/v1@0.23.1 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers/core/v1@0.23.1 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers@0.23.1 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#567361917320 + › + k8s.io/client-go/tools/cache@0.23.1 + › + k8s.io/client-go/tools/pager@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/term@0.23.1 + › + k8s.io/client-go/tools/remotecommand@0.23.1 + › + k8s.io/client-go/transport/spdy@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/scheme@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/clientcmd@0.23.1 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/diff@0.7.3 + › + k8s.io/client-go/kubernetes/scheme@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 + › + k8s.io/client-go/tools/clientcmd@0.23.1 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + › + k8s.io/apimachinery/pkg/watch@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.23.1 + › + k8s.io/client-go/discovery@0.23.1 + › + k8s.io/client-go/rest@0.23.1 + › + k8s.io/client-go/transport@0.23.1 + › + k8s.io/apimachinery/pkg/util/net@0.23.1 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Server-side Request Forgery (SSRF)

    @@ -529,8 +2372,8 @@

    Detailed paths

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    parse-url is an An advanced url parser supporting git urls too. + Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    PoC:

    import parseUrl from "parse-url";
         import fetch from 'node-fetch';
@@ -611,8 +2454,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    parse-url is an An advanced url parser supporting git urls too.
    
-        
    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
+        
    parse-url is an An advanced url parser supporting git urls too.
+        Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
         
    
         const parseUrl = require("parse-url");
         const Url = require("url");
@@ -705,8 +2548,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    minimatch is a minimal matching utility.
    
-        
    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
+        
    minimatch is a minimal matching utility.
+        Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.
    
         
    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.
    
@@ -4551,8 +6394,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
    
-        
    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
+        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
+        Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -6721,8 +8564,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
-        
    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
+        Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -6828,8 +8671,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
    
-        
    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
+        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
+        Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
         
    Remediation
    
         
    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.
    
         
    References
    
diff --git a/docs/snyk/v2.5.12/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.4.25/ghcr.io_dexidp_dex_v2.35.3.html
similarity index 91%
rename from docs/snyk/v2.5.12/ghcr.io_dexidp_dex_v2.35.3.html
rename to docs/snyk/v2.4.25/ghcr.io_dexidp_dex_v2.35.3.html
index 1b6c9d43d2a12..05cb82375bce1 100644
--- a/docs/snyk/v2.5.12/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.4.25/ghcr.io_dexidp_dex_v2.35.3.html
@@ -7,7 +7,7 @@
   
   
   Snyk test report
-  
+  
   
   
@@ -456,7 +456,7 @@
               
    
                   
    Snyk test report
    
     
-                
    March 5th 2023, 12:23:13 am
    
+                
    March 12th 2023, 12:21:55 am
    
               
    
               
    
                 Scanned the following paths:
@@ -466,8 +466,8 @@ 
    Snyk test report
    
               
    
     
               
    
-                
    8 known vulnerabilities
    
-                
    35 vulnerable dependency paths
    
+                
    9 known vulnerabilities
    
+                
    37 vulnerable dependency paths
    
                 
    756 dependencies
    @@ -873,6 +873,94 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -932,8 +1020,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1293,8 +1381,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    diff --git a/docs/snyk/v2.4.25/haproxy_2.0.31-alpine.html b/docs/snyk/v2.4.25/haproxy_2.0.31-alpine.html new file mode 100644 index 0000000000000..29f4bfc056341 --- /dev/null +++ b/docs/snyk/v2.4.25/haproxy_2.0.31-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 12th 2023, 12:22:02 am

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.0.31-alpine (apk)
      • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    17 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.0.31-alpine
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.5.12/quay.io_argoproj_argocd_v2.5.12.html b/docs/snyk/v2.4.25/quay.io_argoproj_argocd_v2.4.25.html similarity index 87% rename from docs/snyk/v2.5.12/quay.io_argoproj_argocd_v2.5.12.html rename to docs/snyk/v2.4.25/quay.io_argoproj_argocd_v2.4.25.html index c4def0ebcaee4..54687d66107f0 100644 --- a/docs/snyk/v2.5.12/quay.io_argoproj_argocd_v2.5.12.html +++ b/docs/snyk/v2.4.25/quay.io_argoproj_argocd_v2.4.25.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    March 5th 2023, 12:23:40 am

    +

    March 12th 2023, 12:22:23 am

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.5.12/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.12/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.12/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.12/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.12/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.4.25/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.4.25/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.4.25/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.4.25/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.4.25/git-lfs/git-lfs (gomodules)
    -
    26 known vulnerabilities
    -
    112 vulnerable dependency paths
    -
    2047 dependencies
    +
    27 known vulnerabilities
    +
    102 vulnerable dependency paths
    +
    1963 dependencies
    @@ -498,7 +498,7 @@

    Denial of Service (DoS)

  • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776
    • @@ -513,6 +513,15 @@

    Detailed paths

    Introduced through: sigs.k8s.io/kustomize/kustomize/v4@* › + gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 + + + + +
  • + Introduced through: + helm.sh/helm/v3@* + › gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -525,8 +534,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -588,7 +597,7 @@ 
    NULL Pointer Dereference
    
         
                     
  • Introduced through:
         
-                                sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
+                                sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776
         
                     
    • 
                 
@@ -603,6 +612,15 @@ 
    Detailed paths
    
                                 Introduced through:
                                         sigs.k8s.io/kustomize/kustomize/v4@*
                                          › 
+                                        gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776
+                                        
+                                
+        
+
    • +
  • + Introduced through: + helm.sh/helm/v3@* + › gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -615,8 +633,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    PoC

    package main
         
@@ -643,6 +661,103 @@ 
    References
    
                 
    More about this vulnerability
    • + +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2/hpack@v0.0.0-20220621193019-9d032be2e588 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220621193019-9d032be2e588 + + + +
      • +
    • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + › + golang.org/x/net/http2/hpack@v0.0.0-20201110031124-69a78807bb2b + + + +
      • +
    • + Introduced through: + helm.sh/helm/v3@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220107192237-5cfca573fb4d + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service

    @@ -690,7 +805,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d @@ -702,8 +817,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    References

    @@ -765,7 +880,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d @@ -777,8 +892,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -808,30 +923,30 @@

    References

    -
    -

    Out-of-bounds Read

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - tar + github.com/prometheus/client_golang/prometheus/promhttp
    • Introduced through: + helm.sh/helm/v3@* and github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 - docker-image|quay.io/argoproj/argocd@v2.5.12, meta-common-packages@meta and others
    @@ -843,11 +958,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - meta-common-packages@meta + helm.sh/helm/v3@* › - tar@1.34+dfsg-1build3 + github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 @@ -858,49 +971,83 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

      +

      Note: In order to be affected, an instrumented software must:

      +
        +

      1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

        +
        2. +

      2. not filter any specific methods (e.g GET) before middleware

        +
        3. +

      3. pass metric with method label name to the middleware

        +
        4. +

      4. not have any firewall/LB/proxy that filters away requests with unknown method.

        +
        5. +
      +

      Workarounds:

      +
        +

      1. removing the method label name from counter/gauge used in the InstrumentHandler

        +
        2. +

      2. turning off affected promhttp handlers

        +
        3. +

      3. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

        +
        4. +

      4. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

        +
        5. +
      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade Ubuntu:22.04 tar to version 1.34+dfsg-1ubuntu0.1.22.04.1 or higher.

      +

      Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Off-by-one Error

    +
    +

    Authorization Bypass

    -
    - medium severity +
    + high severity
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - systemd/libsystemd0 + github.com/emicklei/go-restful
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and systemd/libsystemd0@249.11-0ubuntu3.6 + github.com/argoproj/argo-cd/v2@* and github.com/emicklei/go-restful@v2.9.5+incompatible
    @@ -913,110 +1060,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - apt@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - procps/libprocps8@2:3.3.17-6ubuntu2 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 + github.com/argoproj/argo-cd/v2@* › - systemd/libudev1@249.11-0ubuntu3.6 + github.com/emicklei/go-restful@v2.9.5+incompatible @@ -1027,35 +1073,32 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Authorization Bypass when using CORS Filter with a configurable AllowedDomains parameter (which is an array of domains allowed in CORS policy), with the same value as exists in allowedOriginPatterns parameter (used for matching origin using regular expression), it causes for all domains in AllowedDomains to be also used as regular expression for matching origin validation. + This behavior means that if example.com exists in AllowedDomains, all domains starting with example.com would be acceptable, including example.com.hacker.domain.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      Upgrade github.com/emicklei/go-restful to version 2.16.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Denial of Service (DoS)

    +
    +

    Command Injection

    -
    - medium severity +
    + high severity
    @@ -1067,12 +1110,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - gopkg.in/yaml.v2 + github.com/Masterminds/vcs
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 + helm.sh/helm/v3@* and github.com/Masterminds/vcs@v1.13.1
    • @@ -1085,9 +1128,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* › - gopkg.in/yaml.v2@v2.2.4 + github.com/Masterminds/vcs@v1.13.1 @@ -1099,38 +1142,37 @@

      Detailed paths

      Overview

      -

      gopkg.in/yaml.v2 is a YAML support package for the Go language.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      github.com/Masterminds/vcs is a VCS Repo management through a common interface in Go. + Affected versions of this package are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

      +

      PoC

      + 
      package main
+        
+        import (
+            "github.com/Masterminds/vcs"
+        )
+        
+        func main(){
+              local := "--config=alias.init=!touch ./HELLO"
+            repo, _ := vcs.NewHgRepo("remote", local)
+            repo.Init()
+        }
+

      Remediation

      -

      Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

      +

      Upgrade github.com/Masterminds/vcs to version 1.13.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Input Validation

    +

    Denial of Service (DoS)

    @@ -1146,12 +1188,12 @@

    Improper Input Validation

  • Vulnerable module: - golang.org/x/text/language + gopkg.in/yaml.v2
  • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7 + github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4
    • @@ -1164,18 +1206,9 @@

    Detailed paths

    • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - › - golang.org/x/text/language@v0.3.7 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* › - golang.org/x/text/language@v0.3.7 + gopkg.in/yaml.v2@v2.2.4 @@ -1187,22 +1220,33 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      +

      gopkg.in/yaml.v2 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      +

      Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1252,7 +1296,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* › - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e @@ -1326,7 +1370,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d @@ -1338,8 +1382,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1370,7 +1414,7 @@

    References

    -

    Improper Input Validation

    +

    Denial of Service (DoS)

    @@ -1386,12 +1430,12 @@

    Improper Input Validation

  • Vulnerable module: - go.mongodb.org/mongo-driver/bson/bsonrw + golang.org/x/net/http/httpguts
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b
    • @@ -1404,9 +1448,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + sigs.k8s.io/kustomize/kustomize/v4@* › - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b @@ -1418,26 +1462,41 @@

      Detailed paths

      Overview

      -

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

      -

      Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      +

      golang.org/x/net/http/httpguts is a package providing functions implementing various details of the HTTP specification + Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a large header to ReadRequest or ReadResponse. Servers are only vulnerable if the default max header of 1MB is increased by setting Server.MaxHeaderBytes.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      +

      Upgrade golang.org/x/net/http/httpguts to version 0.0.0-20210428140749-89ef3d95e781 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Information Exposure

    +

    Improper Input Validation

    @@ -1448,17 +1507,17 @@

    Information Exposure

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - gnutls28/libgnutls30 + go.mongodb.org/mongo-driver/bson/bsonrw
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and gnutls28/libgnutls30@3.7.3-4ubuntu1.1 + github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
    @@ -1471,74 +1530,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - apt@2.4.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - openldap/libldap-2.5-0@2.5.13+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + github.com/argoproj/argo-cd/v2@* › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 + go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 @@ -1549,26 +1543,22 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

      +

      Overview

      +

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. + Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      Remediation

      -

      Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.2 or higher.

      +

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1595,7 +1585,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.4.25, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1607,7 +1597,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -1666,7 +1656,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1679,7 +1669,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1688,7 +1678,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › grep@3.7-1build1 › @@ -1748,7 +1738,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.4.25 and patch@2.7.6-7build2
    @@ -1761,7 +1751,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › patch@2.7.6-7build2 @@ -1815,7 +1805,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.4.25 and patch@2.7.6-7build2
    @@ -1828,7 +1818,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › patch@2.7.6-7build2 @@ -1887,7 +1877,7 @@

      Improper Locking

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.4.25 and openssl/libssl3@3.0.2-0ubuntu1.8
    @@ -1900,7 +1890,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -1909,9 +1899,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.1 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -1920,7 +1910,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › libfido2/libfido2-1@1.10.0-1 › @@ -1931,7 +1921,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -1942,7 +1932,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -1955,7 +1945,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git@1:2.34.1-1ubuntu1.8 › @@ -1970,7 +1960,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › adduser@3.118ubuntu5 › @@ -1993,7 +1983,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssl@3.0.2-0ubuntu1.8 @@ -2002,7 +1992,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -2059,7 +2049,7 @@

      Improper Privilege Management

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2072,7 +2062,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2137,7 +2127,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2150,7 +2140,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2211,7 +2201,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.4.25 and ncurses/libtinfo6@6.3-2
    @@ -2224,7 +2214,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/libtinfo6@6.3-2 @@ -2233,7 +2223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › bash@5.1-6ubuntu1 › @@ -2244,7 +2234,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/libncursesw6@6.3-2 › @@ -2255,7 +2245,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › less@590-1ubuntu0.22.04.1 › @@ -2266,7 +2256,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › libedit/libedit2@3.1-20210910-1build1 › @@ -2277,7 +2267,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/libncurses6@6.3-2 › @@ -2288,7 +2278,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/ncurses-bin@6.3-2 › @@ -2299,7 +2289,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › procps@2:3.3.17-6ubuntu2 › @@ -2310,7 +2300,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › util-linux@2.37.2-4ubuntu3 › @@ -2321,7 +2311,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -2336,7 +2326,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2351,7 +2341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/libncursesw6@6.3-2 @@ -2360,7 +2350,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › procps@2:3.3.17-6ubuntu2 › @@ -2371,7 +2361,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2386,7 +2376,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/libncurses6@6.3-2 @@ -2395,7 +2385,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › procps@2:3.3.17-6ubuntu2 › @@ -2406,7 +2396,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/ncurses-base@6.3-2 @@ -2415,7 +2405,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › ncurses/ncurses-bin@6.3-2 @@ -2473,7 +2463,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and krb5/libk5crypto3@1.19.2-2ubuntu0.1
    @@ -2486,7 +2476,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › krb5/libk5crypto3@1.19.2-2ubuntu0.1 @@ -2495,7 +2485,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › adduser@3.118ubuntu5 › @@ -2516,7 +2506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › adduser@3.118ubuntu5 › @@ -2539,7 +2529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › krb5/libkrb5-3@1.19.2-2ubuntu0.1 @@ -2548,7 +2538,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › adduser@3.118ubuntu5 › @@ -2569,7 +2559,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 @@ -2578,7 +2568,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -2589,7 +2579,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git@1:2.34.1-1ubuntu1.8 › @@ -2602,7 +2592,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git@1:2.34.1-1ubuntu1.8 › @@ -2617,7 +2607,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › adduser@3.118ubuntu5 › @@ -2636,7 +2626,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › meta-common-packages@meta › @@ -2695,7 +2685,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2708,7 +2698,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2717,7 +2707,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › apt@2.4.8 › @@ -2728,7 +2718,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2739,7 +2729,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 › @@ -2750,7 +2740,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -2761,7 +2751,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2774,7 +2764,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2787,7 +2777,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2796,7 +2786,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2807,7 +2797,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2820,7 +2810,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2829,7 +2819,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2840,7 +2830,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2849,7 +2839,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2860,7 +2850,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2869,7 +2859,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2880,7 +2870,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2893,7 +2883,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2906,7 +2896,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2915,7 +2905,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2926,7 +2916,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2939,7 +2929,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2952,7 +2942,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2961,7 +2951,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2972,7 +2962,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2981,7 +2971,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2992,7 +2982,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3001,7 +2991,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3012,7 +3002,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3070,7 +3060,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3083,7 +3073,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › glibc/libc-bin@2.35-0ubuntu3.1 @@ -3092,7 +3082,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › meta-common-packages@meta › @@ -3151,7 +3141,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.4.25, git@1:2.34.1-1ubuntu1.8 and others
    @@ -3163,7 +3153,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git@1:2.34.1-1ubuntu1.8 › @@ -3174,7 +3164,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git@1:2.34.1-1ubuntu1.8 @@ -3183,7 +3173,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › git-lfs@3.0.2-1ubuntu0.1 › @@ -3240,7 +3230,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and coreutils@8.32-4.1ubuntu1
    @@ -3253,7 +3243,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › coreutils@8.32-4.1ubuntu1 @@ -3310,7 +3300,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.25 and bash@5.1-6ubuntu1
    @@ -3323,7 +3313,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.12 + docker-image|quay.io/argoproj/argocd@v2.4.25 › bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.4.25/redis_7.0.8-alpine.html b/docs/snyk/v2.4.25/redis_7.0.8-alpine.html new file mode 100644 index 0000000000000..2a23dfc1dd5b5 --- /dev/null +++ b/docs/snyk/v2.4.25/redis_7.0.8-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      March 12th 2023, 12:22:28 am

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.8-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.8-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.5.12/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.12/haproxy_2.6.2-alpine.html deleted file mode 100644 index a83352f480e35..0000000000000 --- a/docs/snyk/v2.5.12/haproxy_2.6.2-alpine.html +++ /dev/null @@ -1,1109 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      March 5th 2023, 12:23:17 am

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.2-alpine (apk)
        • -
      -
      - -
      -
      4 known vulnerabilities
      -
      36 vulnerable dependency paths
      -
      17 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.2-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Double Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Access of Resource Using Incompatible Type ('Type Confusion')

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Use After Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4304

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.5.12/redis_7.0.7-alpine.html b/docs/snyk/v2.5.12/redis_7.0.7-alpine.html deleted file mode 100644 index 447ffdec8d28b..0000000000000 --- a/docs/snyk/v2.5.12/redis_7.0.7-alpine.html +++ /dev/null @@ -1,1721 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      March 5th 2023, 12:23:45 am

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.7-alpine (apk)
        • -
      -
      - -
      -
      8 known vulnerabilities
      -
      72 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.7-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Use After Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Access of Resource Using Incompatible Type ('Type Confusion')

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Double Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4304

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4203

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.5.12/argocd-iac-install.html b/docs/snyk/v2.5.13/argocd-iac-install.html similarity index 79% rename from docs/snyk/v2.5.12/argocd-iac-install.html rename to docs/snyk/v2.5.13/argocd-iac-install.html index a29935382f372..c7db8ef96f648 100644 --- a/docs/snyk/v2.5.12/argocd-iac-install.html +++ b/docs/snyk/v2.5.13/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      March 5th 2023, 12:24:45 am

      +

      March 12th 2023, 12:21:20 am

      Scanned the following path: @@ -466,7 +466,7 @@

      Snyk test report

      -
      32 total issues
      +
      41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 9966 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10071 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10046 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 44] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10127 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10203 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10427 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10393 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 47] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10712 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 48] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 10938 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.5.12/argocd-iac-namespace-install.html b/docs/snyk/v2.5.13/argocd-iac-namespace-install.html similarity index 79% rename from docs/snyk/v2.5.12/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.13/argocd-iac-namespace-install.html index fbbd677cec3a7..6d57bb795becc 100644 --- a/docs/snyk/v2.5.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:24:55 am

    +

    March 12th 2023, 12:21:32 am

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    32 total issues
    +
    41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 35] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 632 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 737 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 712 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 37] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 793 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 38] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 869 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1093 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1059 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1378 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 41] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1604 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.5.12/argocd-test.html b/docs/snyk/v2.5.13/argocd-test.html similarity index 78% rename from docs/snyk/v2.5.12/argocd-test.html rename to docs/snyk/v2.5.13/argocd-test.html index 72e6a8ed038ee..d43f006ceef68 100644 --- a/docs/snyk/v2.5.12/argocd-test.html +++ b/docs/snyk/v2.5.13/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:23:05 am

    +

    March 12th 2023, 12:19:54 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    7 known vulnerabilities
    -
    332 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    421 vulnerable dependency paths
    1720 dependencies
    @@ -476,6 +476,1857 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/soheilhy/cmux@0.1.5 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.45.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.45.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/rbac/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/errors@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/equality@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/dynamic@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.45.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.45.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/resource@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/testing@#98ccd3d43fd9 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/record@0.24.2 + › + k8s.io/client-go/tools/reference@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + › + k8s.io/client-go/pkg/apis/clientauthentication@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/util/retry@0.24.2 + › + k8s.io/apimachinery/pkg/api/errors@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/resource@0.24.2 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + › + k8s.io/kubectl/pkg/util/podutils@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/validation@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/portforward@0.24.2 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery/fake@0.24.2 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/fake@0.24.2 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/remotecommand@0.24.2 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.45.0 + › + google.golang.org/grpc/internal/transport@1.45.0 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/listers/core/v1@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers/core/v1@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/term@0.24.2 + › + k8s.io/client-go/tools/remotecommand@0.24.2 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/clientcmd@0.24.2 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/scheme@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9 + › + k8s.io/client-go/kubernetes/scheme@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f + › + k8s.io/client-go/tools/clientcmd@0.24.2 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9 + › + k8s.io/kubernetes/pkg/apis/storage/install@1.24.2 + › + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.24.2 + › + k8s.io/kubernetes/pkg/apis/storage@1.24.2 + › + k8s.io/kubernetes/pkg/apis/core@1.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@#9d032be2e588 + › + golang.org/x/net/http2/hpack@#9d032be2e588 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Server-side Request Forgery (SSRF)

    @@ -529,8 +2380,8 @@

    Detailed paths

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    parse-url is an An advanced url parser supporting git urls too. + Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    PoC:

    import parseUrl from "parse-url";
         import fetch from 'node-fetch';
@@ -611,8 +2462,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    parse-url is an An advanced url parser supporting git urls too.
    
-        
    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
+        
    parse-url is an An advanced url parser supporting git urls too.
+        Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
         
    
         const parseUrl = require("parse-url");
         const Url = require("url");
@@ -705,8 +2556,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    minimatch is a minimal matching utility.
    
-        
    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
+        
    minimatch is a minimal matching utility.
+        Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.
    
         
    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.
    
@@ -5056,8 +6907,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
    
-        
    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
+        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
+        Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -7234,8 +9085,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
-        
    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
+        Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -7341,8 +9192,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
    
-        
    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
+        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
+        Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
         
    Remediation
    
         
    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.
    
         
    References
    
diff --git a/docs/snyk/v2.6.3/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.13/ghcr.io_dexidp_dex_v2.35.3.html
similarity index 91%
rename from docs/snyk/v2.6.3/ghcr.io_dexidp_dex_v2.35.3.html
rename to docs/snyk/v2.5.13/ghcr.io_dexidp_dex_v2.35.3.html
index fe33f32907baf..3d2d890d7eb92 100644
--- a/docs/snyk/v2.6.3/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/v2.5.13/ghcr.io_dexidp_dex_v2.35.3.html
@@ -7,7 +7,7 @@
   
   
   Snyk test report
-  
+  
   
   
@@ -456,7 +456,7 @@
               
    
                   
    Snyk test report
    
     
-                
    March 5th 2023, 12:20:17 am
    
+                
    March 12th 2023, 12:20:02 am
    
               
    
               
    
                 Scanned the following paths:
@@ -466,8 +466,8 @@ 
    Snyk test report
    
               
    
     
               
    
-                
    8 known vulnerabilities
    
-                
    35 vulnerable dependency paths
    
+                
    9 known vulnerabilities
    
+                
    37 vulnerable dependency paths
    
                 
    756 dependencies
    @@ -873,6 +873,94 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -932,8 +1020,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1293,8 +1381,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    diff --git a/docs/snyk/v2.5.13/haproxy_2.6.9-alpine.html b/docs/snyk/v2.5.13/haproxy_2.6.9-alpine.html new file mode 100644 index 0000000000000..0dbfcb4edd7a2 --- /dev/null +++ b/docs/snyk/v2.5.13/haproxy_2.6.9-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 12th 2023, 12:20:06 am

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.9-alpine (apk)
      • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.9-alpine
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.6.3/quay.io_argoproj_argocd_v2.6.3.html b/docs/snyk/v2.5.13/quay.io_argoproj_argocd_v2.5.13.html similarity index 87% rename from docs/snyk/v2.6.3/quay.io_argoproj_argocd_v2.6.3.html rename to docs/snyk/v2.5.13/quay.io_argoproj_argocd_v2.5.13.html index 9e07b1eeca83b..aa83bd3d9a4ea 100644 --- a/docs/snyk/v2.6.3/quay.io_argoproj_argocd_v2.6.3.html +++ b/docs/snyk/v2.5.13/quay.io_argoproj_argocd_v2.5.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    March 5th 2023, 12:20:53 am

    +

    March 12th 2023, 12:20:26 am

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.6.3/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.3/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.3/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.3/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.3/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.5.13/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.13/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.13/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.13/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.13/git-lfs/git-lfs (gomodules)
    24 known vulnerabilities
    -
    107 vulnerable dependency paths
    -
    2063 dependencies
    +
    98 vulnerable dependency paths
    +
    2047 dependencies
    @@ -525,8 +525,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -615,8 +615,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
    
-        
    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
+        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
+        Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
         
    PoC
    
         
    package main
         
@@ -661,12 +661,12 @@ 
    Denial of Service (DoS)
    
                     
  • 
                             Vulnerable module:
         
-                            golang.org/x/net/http2
+                            golang.org/x/net/http2/hpack
                     
    • 
         
                     
  • Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.4.0
+                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2/hpack@v0.0.0-20220621193019-9d032be2e588
         
                     
    • 
                 
@@ -681,7 +681,16 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@*
                                          › 
-                                        golang.org/x/net/http2@v0.4.0
+                                        golang.org/x/net/http2/hpack@v0.0.0-20220621193019-9d032be2e588
+                                        
+                                
+        
+                            
+                                
  • 
+                                Introduced through:
+                                        sigs.k8s.io/kustomize/kustomize/v4@*
+                                         › 
+                                        golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd
                                         
                                 
         
@@ -690,7 +699,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         helm.sh/helm/v3@*
                                          › 
-                                        golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
+                                        golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b
                                         
                                 
         
@@ -702,7 +711,6 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
         
    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
@@ -717,7 +725,7 @@ 
    Details
    
         
    • 
         
         
    Remediation
    
-        
    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.
    
+        
    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.
    
         
    References
    @@ -755,7 +763,7 @@

    Denial of Service

  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588
    • @@ -766,6 +774,15 @@

    Denial of Service

    Detailed paths

      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 + + + +
    • Introduced through: helm.sh/helm/v3@* @@ -782,8 +799,8 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

      Remediation

      Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

      References

      @@ -799,30 +816,30 @@

      References

    -
    -

    Out-of-bounds Read

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - tar + golang.org/x/net/http2
    • Introduced through: + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 - docker-image|quay.io/argoproj/argocd@v2.6.3, meta-common-packages@meta and others
    @@ -834,11 +851,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + github.com/argoproj/argo-cd/v2@* › - meta-common-packages@meta + golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 + + + +
      • +
    • + Introduced through: + helm.sh/helm/v3@* › - tar@1.34+dfsg-1build3 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -849,28 +873,40 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade Ubuntu:22.04 tar to version 1.34+dfsg-1ubuntu0.1.22.04.1 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Off-by-one Error

    +

    Denial of Service (DoS)

    @@ -881,17 +917,17 @@

    Off-by-one Error

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - systemd/libsystemd0 + gopkg.in/yaml.v2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and systemd/libsystemd0@249.11-0ubuntu3.6 + github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4
    @@ -904,110 +940,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - apt@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - procps/libprocps8@2:3.3.17-6ubuntu2 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 + github.com/argoproj/argo-cd/v2@* › - systemd/libudev1@249.11-0ubuntu3.6 + gopkg.in/yaml.v2@v2.2.4 @@ -1018,26 +953,34 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

      +

      Overview

      +

      gopkg.in/yaml.v2 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1140,7 +1083,7 @@

    Incorrect Privilege Assignment

  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + github.com/argoproj/argo-cd/v2@* and golang.org/x/sys/unix@v0.0.0-20220520151302-bc2c85ada10a
    • @@ -1151,6 +1094,15 @@

    Incorrect Privilege Assignment

    Detailed paths

      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + golang.org/x/sys/unix@v0.0.0-20220520151302-bc2c85ada10a + + + +
    • Introduced through: helm.sh/helm/v3@* @@ -1205,7 +1157,7 @@

      Denial of Service (DoS)

    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588
    @@ -1216,6 +1168,15 @@

    Denial of Service (DoS)

    Detailed paths

      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 + + + +
    • Introduced through: helm.sh/helm/v3@* @@ -1232,8 +1193,8 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      @@ -1264,7 +1225,7 @@

      References

    -

    Information Exposure

    +

    Improper Input Validation

    @@ -1275,17 +1236,17 @@

    Information Exposure

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - gnutls28/libgnutls30 + go.mongodb.org/mongo-driver/bson/bsonrw
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and gnutls28/libgnutls30@3.7.3-4ubuntu1.1 + github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
    @@ -1298,74 +1259,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - apt@2.4.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - openldap/libldap-2.5-0@2.5.13+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + github.com/argoproj/argo-cd/v2@* › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 + go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 @@ -1376,26 +1272,22 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

      +

      Overview

      +

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. + Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      Remediation

      -

      Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.2 or higher.

      +

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1422,7 +1314,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.13, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1434,7 +1326,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -1493,7 +1385,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1506,7 +1398,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1515,7 +1407,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › grep@3.7-1build1 › @@ -1575,7 +1467,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.13 and patch@2.7.6-7build2
    @@ -1588,7 +1480,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › patch@2.7.6-7build2 @@ -1642,7 +1534,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.13 and patch@2.7.6-7build2
    @@ -1655,7 +1547,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › patch@2.7.6-7build2 @@ -1714,7 +1606,7 @@

      Improper Locking

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.5.13 and openssl/libssl3@3.0.2-0ubuntu1.8
    @@ -1727,7 +1619,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -1736,9 +1628,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.1 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -1747,7 +1639,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › libfido2/libfido2-1@1.10.0-1 › @@ -1758,7 +1650,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -1769,7 +1661,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -1782,7 +1674,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git@1:2.34.1-1ubuntu1.8 › @@ -1797,7 +1689,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › adduser@3.118ubuntu5 › @@ -1820,7 +1712,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssl@3.0.2-0ubuntu1.8 @@ -1829,7 +1721,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -1886,7 +1778,7 @@

      Improper Privilege Management

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -1899,7 +1791,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1964,7 +1856,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -1977,7 +1869,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2038,7 +1930,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.13 and ncurses/libtinfo6@6.3-2
    @@ -2051,7 +1943,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/libtinfo6@6.3-2 @@ -2060,7 +1952,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › bash@5.1-6ubuntu1 › @@ -2071,7 +1963,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/libncursesw6@6.3-2 › @@ -2082,7 +1974,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › less@590-1ubuntu0.22.04.1 › @@ -2093,7 +1985,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › libedit/libedit2@3.1-20210910-1build1 › @@ -2104,7 +1996,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/libncurses6@6.3-2 › @@ -2115,7 +2007,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/ncurses-bin@6.3-2 › @@ -2126,7 +2018,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › procps@2:3.3.17-6ubuntu2 › @@ -2137,7 +2029,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › util-linux@2.37.2-4ubuntu3 › @@ -2148,7 +2040,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -2163,7 +2055,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2178,7 +2070,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/libncursesw6@6.3-2 @@ -2187,7 +2079,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › procps@2:3.3.17-6ubuntu2 › @@ -2198,7 +2090,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2213,7 +2105,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/libncurses6@6.3-2 @@ -2222,7 +2114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › procps@2:3.3.17-6ubuntu2 › @@ -2233,7 +2125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/ncurses-base@6.3-2 @@ -2242,7 +2134,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › ncurses/ncurses-bin@6.3-2 @@ -2300,7 +2192,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.1
    @@ -2313,7 +2205,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › krb5/libk5crypto3@1.19.2-2ubuntu0.1 @@ -2322,7 +2214,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › adduser@3.118ubuntu5 › @@ -2343,7 +2235,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › adduser@3.118ubuntu5 › @@ -2366,7 +2258,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › krb5/libkrb5-3@1.19.2-2ubuntu0.1 @@ -2375,7 +2267,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › adduser@3.118ubuntu5 › @@ -2396,7 +2288,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 @@ -2405,7 +2297,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -2416,7 +2308,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git@1:2.34.1-1ubuntu1.8 › @@ -2429,7 +2321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git@1:2.34.1-1ubuntu1.8 › @@ -2444,7 +2336,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › adduser@3.118ubuntu5 › @@ -2463,7 +2355,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › meta-common-packages@meta › @@ -2522,7 +2414,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2535,7 +2427,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2544,7 +2436,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › apt@2.4.8 › @@ -2555,7 +2447,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2566,7 +2458,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 › @@ -2577,7 +2469,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -2588,7 +2480,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2601,7 +2493,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2614,7 +2506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2623,7 +2515,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2634,7 +2526,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2647,7 +2539,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2656,7 +2548,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2667,7 +2559,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2676,7 +2568,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2687,7 +2579,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2696,7 +2588,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2707,7 +2599,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2720,7 +2612,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2733,7 +2625,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2742,7 +2634,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2753,7 +2645,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2766,7 +2658,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2779,7 +2671,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2788,7 +2680,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2799,7 +2691,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2808,7 +2700,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2819,7 +2711,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2828,7 +2720,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2839,7 +2731,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2897,7 +2789,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2910,7 +2802,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › glibc/libc-bin@2.35-0ubuntu3.1 @@ -2919,7 +2811,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › meta-common-packages@meta › @@ -2978,7 +2870,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.5.13, git@1:2.34.1-1ubuntu1.8 and others
    @@ -2990,7 +2882,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git@1:2.34.1-1ubuntu1.8 › @@ -3001,7 +2893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git@1:2.34.1-1ubuntu1.8 @@ -3010,7 +2902,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › git-lfs@3.0.2-1ubuntu0.1 › @@ -3067,7 +2959,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and coreutils@8.32-4.1ubuntu1
    @@ -3080,7 +2972,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › coreutils@8.32-4.1ubuntu1 @@ -3137,7 +3029,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.13 and bash@5.1-6ubuntu1
    @@ -3150,7 +3042,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.3 + docker-image|quay.io/argoproj/argocd@v2.5.13 › bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.5.13/redis_7.0.8-alpine.html b/docs/snyk/v2.5.13/redis_7.0.8-alpine.html new file mode 100644 index 0000000000000..e96688eb553a5 --- /dev/null +++ b/docs/snyk/v2.5.13/redis_7.0.8-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      March 12th 2023, 12:20:30 am

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.8-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.8-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.6.3/haproxy_2.6.2-alpine.html b/docs/snyk/v2.6.3/haproxy_2.6.2-alpine.html deleted file mode 100644 index 1ba7575a330db..0000000000000 --- a/docs/snyk/v2.6.3/haproxy_2.6.2-alpine.html +++ /dev/null @@ -1,1109 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      March 5th 2023, 12:20:23 am

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.2-alpine (apk)
        • -
      -
      - -
      -
      4 known vulnerabilities
      -
      36 vulnerable dependency paths
      -
      17 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.2-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Double Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Access of Resource Using Incompatible Type ('Type Confusion')

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Use After Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4304

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.2-alpine and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - .haproxy-rundeps@20220809.192310 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - apk-tools/apk-tools@2.12.9-r3 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.2-alpine - › - busybox/ssl_client@1.35.0-r17 - › - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.6.3/redis_7.0.7-alpine.html b/docs/snyk/v2.6.3/redis_7.0.7-alpine.html deleted file mode 100644 index 3f860a0ba90f1..0000000000000 --- a/docs/snyk/v2.6.3/redis_7.0.7-alpine.html +++ /dev/null @@ -1,1721 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      March 5th 2023, 12:21:02 am

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.7-alpine (apk)
        • -
      -
      - -
      -
      8 known vulnerabilities
      -
      72 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.7-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Use After Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Access of Resource Using Incompatible Type ('Type Confusion')

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Double Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4304

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4203

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.7-alpine and openssl/libcrypto3@3.0.7-r2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libcrypto3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - .redis-rundeps@20230109.200518 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - apk-tools/apk-tools@2.12.10-r1 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.7-alpine - › - busybox/ssl_client@1.35.0-r29 - › - openssl/libssl3@3.0.7-r2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.6.3/argocd-iac-install.html b/docs/snyk/v2.6.4/argocd-iac-install.html similarity index 79% rename from docs/snyk/v2.6.3/argocd-iac-install.html rename to docs/snyk/v2.6.4/argocd-iac-install.html index acf1e4d17b4e7..44de1f6d67954 100644 --- a/docs/snyk/v2.6.3/argocd-iac-install.html +++ b/docs/snyk/v2.6.4/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      March 5th 2023, 12:22:34 am

      +

      March 12th 2023, 12:19:24 am

      Scanned the following path: @@ -466,7 +466,7 @@

      Snyk test report

      -
      32 total issues
      +
      41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 15888 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 15993 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 15968 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 44] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16049 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16125 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16356 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16322 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 47] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16648 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 48] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 16874 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.6.3/argocd-iac-namespace-install.html b/docs/snyk/v2.6.4/argocd-iac-namespace-install.html similarity index 79% rename from docs/snyk/v2.6.3/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.4/argocd-iac-namespace-install.html index 8b43c35a7b92a..7314d6ca049df 100644 --- a/docs/snyk/v2.6.3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.4/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:22:45 am

    +

    March 12th 2023, 12:19:36 am

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    32 total issues
    +
    41 total issues
    @@ -2222,6 +2222,510 @@

    Remediation

    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 35] + › + input + › + spec + › + template + › + spec + › + containers[argocd-applicationset-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 692 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 797 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 36] + › + input + › + spec + › + template + › + spec + › + containers[dex] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 772 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 37] + › + input + › + spec + › + template + › + spec + › + containers[argocd-notifications-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 853 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 38] + › + input + › + spec + › + template + › + spec + › + containers[redis] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 929 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + initContainers[copyutil] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1160 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + › + input + › + spec + › + template + › + spec + › + containers[argocd-repo-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1126 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] + › + input + › + spec + › + template + › + spec + › + containers[argocd-server] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1452 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 41] + › + input + › + spec + › + template + › + spec + › + containers[argocd-application-controller] + › + securityContext + › + runAsUser + +
      • + +
    • + Line number: 1678 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    diff --git a/docs/snyk/v2.6.3/argocd-test.html b/docs/snyk/v2.6.4/argocd-test.html similarity index 55% rename from docs/snyk/v2.6.3/argocd-test.html rename to docs/snyk/v2.6.4/argocd-test.html index 72c468da76f7f..d58ddb5546cfa 100644 --- a/docs/snyk/v2.6.3/argocd-test.html +++ b/docs/snyk/v2.6.4/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:20:11 am

    +

    March 12th 2023, 12:17:21 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    1 known vulnerabilities
    -
    116 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    205 vulnerable dependency paths
    1730 dependencies
    @@ -476,6 +476,1857 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/soheilhy/cmux@0.1.5 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/soheilhy/cmux@0.1.5 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.51.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.51.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/equality@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/dynamic@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/pkg/kubeclientmetrics@#44694015343d + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/rbac/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/errors@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/reflection@1.51.0 + › + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + google.golang.org/grpc/health@1.51.0 + › + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/api/validation@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/portforward@0.24.2 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/discovery/fake@0.24.2 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/fake@0.24.2 + › + k8s.io/client-go/testing@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/remotecommand@0.24.2 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/resource@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/common@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/hook@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/ignore@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/testing@#917f5a0f16d5 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/record@0.24.2 + › + k8s.io/client-go/tools/reference@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + › + k8s.io/client-go/pkg/apis/clientauthentication@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/util/retry@0.24.2 + › + k8s.io/apimachinery/pkg/api/errors@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/resource@0.24.2 + › + k8s.io/api/core/v1@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/health@#917f5a0f16d5 + › + k8s.io/kubectl/pkg/util/podutils@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + › + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + › + google.golang.org/grpc@1.51.0 + › + google.golang.org/grpc/internal/transport@1.51.0 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/cache@#917f5a0f16d5 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/sync@#917f5a0f16d5 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/kube@#917f5a0f16d5 + › + k8s.io/kubectl/pkg/util/openapi@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/kubectl/pkg/util/term@0.24.2 + › + k8s.io/client-go/tools/remotecommand@0.24.2 + › + k8s.io/client-go/transport/spdy@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/listers/core/v1@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#490d98afd1d6 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers/core/v1@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/informers@0.24.2 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#490d98afd1d6 + › + k8s.io/client-go/tools/cache@0.24.2 + › + k8s.io/client-go/tools/pager@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/tools/clientcmd@0.24.2 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + k8s.io/client-go/kubernetes/scheme@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/diff@#917f5a0f16d5 + › + k8s.io/client-go/kubernetes/scheme@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + › + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#490d98afd1d6 + › + k8s.io/client-go/tools/clientcmd@0.24.2 + › + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + › + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#917f5a0f16d5 + › + k8s.io/kubernetes/pkg/apis/storage/install@1.24.2 + › + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.24.2 + › + k8s.io/kubernetes/pkg/apis/storage@1.24.2 + › + k8s.io/kubernetes/pkg/apis/core@1.24.2 + › + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + › + k8s.io/apimachinery/pkg/watch@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + › + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + › + k8s.io/client-go/restmapper@0.24.2 + › + k8s.io/client-go/discovery@0.24.2 + › + k8s.io/client-go/rest@0.24.2 + › + k8s.io/client-go/transport@0.24.2 + › + k8s.io/apimachinery/pkg/util/net@0.24.2 + › + golang.org/x/net/http2@0.4.0 + › + golang.org/x/net/http2/hpack@0.4.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Denial of Service (DoS)

    @@ -2624,8 +4475,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    diff --git a/docs/snyk/v2.4.24/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.6.4/ghcr.io_dexidp_dex_v2.35.3.html similarity index 91% rename from docs/snyk/v2.4.24/ghcr.io_dexidp_dex_v2.35.3.html rename to docs/snyk/v2.6.4/ghcr.io_dexidp_dex_v2.35.3.html index 0e88b5353bf75..4a7964a393c76 100644 --- a/docs/snyk/v2.4.24/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/v2.6.4/ghcr.io_dexidp_dex_v2.35.3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    March 5th 2023, 12:25:23 am

    +

    March 12th 2023, 12:17:30 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    8 known vulnerabilities
    -
    35 vulnerable dependency paths
    +
    9 known vulnerabilities
    +
    37 vulnerable dependency paths
    756 dependencies
    @@ -873,6 +873,94 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + › + golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -932,8 +1020,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1293,8 +1381,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    diff --git a/docs/snyk/v2.6.4/haproxy_2.6.9-alpine.html b/docs/snyk/v2.6.4/haproxy_2.6.9-alpine.html new file mode 100644 index 0000000000000..eeb007fa8d230 --- /dev/null +++ b/docs/snyk/v2.6.4/haproxy_2.6.9-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 12th 2023, 12:17:33 am

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.9-alpine (apk)
      • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.9-alpine
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.4.24/quay.io_argoproj_argocd_v2.4.24.html b/docs/snyk/v2.6.4/quay.io_argoproj_argocd_v2.6.4.html similarity index 74% rename from docs/snyk/v2.4.24/quay.io_argoproj_argocd_v2.4.24.html rename to docs/snyk/v2.6.4/quay.io_argoproj_argocd_v2.6.4.html index 59b799fe02c6e..7342e4feece21 100644 --- a/docs/snyk/v2.4.24/quay.io_argoproj_argocd_v2.4.24.html +++ b/docs/snyk/v2.6.4/quay.io_argoproj_argocd_v2.6.4.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    March 5th 2023, 12:25:54 am

    +

    March 12th 2023, 12:18:01 am

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.4.24/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.4.24/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.4.24/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.4.24/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.4.24/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.6.4/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.4/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.4/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.4/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.4/git-lfs/git-lfs (gomodules)
    -
    29 known vulnerabilities
    -
    116 vulnerable dependency paths
    -
    1963 dependencies
    +
    22 known vulnerabilities
    +
    93 vulnerable dependency paths
    +
    2063 dependencies
    @@ -498,7 +498,7 @@

    Denial of Service (DoS)

  • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
    • @@ -513,15 +513,6 @@

    Detailed paths

    Introduced through: sigs.k8s.io/kustomize/kustomize/v4@* › - gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - - - - -
  • - Introduced through: - helm.sh/helm/v3@* - › gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -534,8 +525,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -597,7 +588,7 @@ 
    NULL Pointer Dereference
    
         
                     
  • Introduced through:
         
-                                sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776
+                                sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
         
                     
    • 
                 
@@ -612,15 +603,6 @@ 
    Detailed paths
    
                                 Introduced through:
                                         sigs.k8s.io/kustomize/kustomize/v4@*
                                          › 
-                                        gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776
-                                        
-                                
-        
-
    • -
  • - Introduced through: - helm.sh/helm/v3@* - › gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -633,8 +615,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language. + Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    PoC

    package main
         
@@ -663,7 +645,7 @@ 
    References
    • -

    Denial of Service

    +

    Denial of Service (DoS)

    @@ -679,12 +661,12 @@

    Denial of Service

  • Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/http2/hpack
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2/hpack@v0.4.0
    • @@ -699,82 +681,16 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* › - golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 - - - - -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d + golang.org/x/net/http2/hpack@v0.4.0
    • - - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + sigs.k8s.io/kustomize/kustomize/v4@* › - golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 + golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd @@ -783,7 +699,7 @@

      Detailed paths

      Introduced through: helm.sh/helm/v3@* › - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d + golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b @@ -795,7 +711,6 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      @@ -810,7 +725,7 @@

      Details

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    References

    @@ -843,12 +758,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - github.com/prometheus/client_golang/prometheus/promhttp + golang.org/x/net/http2
  • Introduced through: - helm.sh/helm/v3@* and github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.4.0
    • @@ -859,11 +774,20 @@

    Denial of Service (DoS)

    Detailed paths

      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + golang.org/x/net/http2@v0.4.0 + + + +
    • Introduced through: helm.sh/helm/v3@* › - github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -875,29 +799,8 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

      -

      Note: In order to be affected, an instrumented software must:

      -
        -

      1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

        -
        2. -

      2. not filter any specific methods (e.g GET) before middleware

        -
        3. -

      3. pass metric with method label name to the middleware

        -
        4. -

      4. not have any firewall/LB/proxy that filters away requests with unknown method.

        -
        5. -
      -

      Workarounds:

      -
        -

      1. removing the method label name from counter/gauge used in the InstrumentHandler

        -
        2. -

      2. turning off affected promhttp handlers

        -
        3. -

      3. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

        -
        4. -

      4. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

        -
        5. -
      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      @@ -911,25 +814,24 @@

      Details

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    +

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Authorization Bypass

    +

    Denial of Service

    @@ -945,12 +847,12 @@

    Authorization Bypass

  • Vulnerable module: - github.com/emicklei/go-restful + golang.org/x/net/http2
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/emicklei/go-restful@v2.9.5+incompatible + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
    • @@ -963,9 +865,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* › - github.com/emicklei/go-restful@v2.9.5+incompatible + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -977,31 +879,29 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Authorization Bypass when using CORS Filter with a configurable AllowedDomains parameter (which is an array of domains allowed in CORS policy), with the same value as exists in allowedOriginPatterns parameter (used for matching origin using regular expression), it causes for all domains in AllowedDomains to be also used as regular expression for matching origin validation. - This behavior means that if example.com exists in AllowedDomains, all domains starting with example.com would be acceptable, including example.com.hacker.domain.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

      Remediation

      -

      Upgrade github.com/emicklei/go-restful to version 2.16.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Command Injection

    +
    +

    Improper Input Validation

    -
    - high severity +
    + medium severity
    @@ -1013,12 +913,12 @@

    Command Injection

  • Vulnerable module: - github.com/Masterminds/vcs + golang.org/x/text/language
  • Introduced through: - helm.sh/helm/v3@* and github.com/Masterminds/vcs@v1.13.1 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7
    • @@ -1029,11 +929,20 @@

    Command Injection

    Detailed paths

      +
    • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + › + golang.org/x/text/language@v0.3.7 + + + +
    • Introduced through: helm.sh/helm/v3@* › - github.com/Masterminds/vcs@v1.13.1 + golang.org/x/text/language@v0.3.7 @@ -1045,37 +954,27 @@

      Detailed paths

      Overview

      -

      github.com/Masterminds/vcs is a VCS Repo management through a common interface in Go.

      -

      Affected versions of this package are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

      -

      PoC

      - 
      package main
-        
-        import (
-            "github.com/Masterminds/vcs"
-        )
-        
-        func main(){
-              local := "--config=alias.init=!touch ./HELLO"
-            repo, _ := vcs.NewHgRepo("remote", local)
-            repo.Init()
-        }
-
      +

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      Remediation

      -

      Upgrade github.com/Masterminds/vcs to version 1.13.3 or higher.

      +

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Read

    +

    Incorrect Privilege Assignment

    @@ -1086,18 +985,18 @@

    Out-of-bounds Read

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - tar + golang.org/x/sys/unix
    • Introduced through: + helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f - docker-image|quay.io/argoproj/argocd@v2.4.24, meta-common-packages@meta and others
    @@ -1109,11 +1008,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - meta-common-packages@meta + helm.sh/helm/v3@* › - tar@1.34+dfsg-1build3 + golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f @@ -1124,28 +1021,25 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

      Remediation

      -

      Upgrade Ubuntu:22.04 tar to version 1.34+dfsg-1ubuntu0.1.22.04.1 or higher.

      +

      Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Off-by-one Error

    +

    Denial of Service (DoS)

    @@ -1156,17 +1050,17 @@

    Off-by-one Error

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - systemd/libsystemd0 + golang.org/x/net/http2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and systemd/libsystemd0@249.11-0ubuntu3.6 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
    @@ -1179,110 +1073,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - apt@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - procps/libprocps8@2:3.3.17-6ubuntu2 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 - › - systemd/libsystemd0@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.6 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - apt@2.4.8 - › - apt/libapt-pkg6.0@2.4.8 + helm.sh/helm/v3@* › - systemd/libudev1@249.11-0ubuntu3.6 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -1293,256 +1086,23 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. + Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/yaml.v2@v2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/sys/unix@v0.0.0-20220520151302-bc2c85ada10a - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/sys/unix@v0.0.0-20220520151302-bc2c85ada10a - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/http2@v0.0.0-20220621193019-9d032be2e588 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    References

    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http/httpguts -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - › - golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http/httpguts is a package providing functions implementing various details of the HTTP specification

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a large header to ReadRequest or ReadResponse. Servers are only vulnerable if the default max header of 1MB is increased by setting Server.MaxHeaderBytes.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http/httpguts to version 0.0.0-20210428140749-89ef3d95e781 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

    -

    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.24 and gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - apt@2.4.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - openldap/libldap-2.5-0@2.5.13+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 - › - git@1:2.34.1-1ubuntu1.8 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.8 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    CVE-2022-46908

    @@ -1866,7 +1141,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.4, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1878,7 +1153,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -1937,7 +1212,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1950,7 +1225,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1959,7 +1234,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › grep@3.7-1build1 › @@ -2019,7 +1294,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.4 and patch@2.7.6-7build2
    @@ -2032,7 +1307,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › patch@2.7.6-7build2 @@ -2086,7 +1361,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.4 and patch@2.7.6-7build2
    @@ -2099,7 +1374,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › patch@2.7.6-7build2 @@ -2158,7 +1433,7 @@

      Improper Locking

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.4 and openssl/libssl3@3.0.2-0ubuntu1.8
    @@ -2171,7 +1446,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -2180,9 +1455,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.1 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 › openssl/libssl3@3.0.2-0ubuntu1.8 @@ -2191,7 +1466,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › libfido2/libfido2-1@1.10.0-1 › @@ -2202,7 +1477,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -2213,7 +1488,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -2226,7 +1501,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git@1:2.34.1-1ubuntu1.8 › @@ -2241,7 +1516,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › adduser@3.118ubuntu5 › @@ -2264,7 +1539,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssl@3.0.2-0ubuntu1.8 @@ -2273,7 +1548,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ca-certificates@20211016ubuntu0.22.04.1 › @@ -2330,7 +1605,7 @@

      Improper Privilege Management

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2343,7 +1618,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2408,7 +1683,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2421,7 +1696,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2482,7 +1757,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.6.4 and ncurses/libtinfo6@6.3-2
    @@ -2495,7 +1770,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/libtinfo6@6.3-2 @@ -2504,7 +1779,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › bash@5.1-6ubuntu1 › @@ -2515,7 +1790,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/libncursesw6@6.3-2 › @@ -2526,7 +1801,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › less@590-1ubuntu0.22.04.1 › @@ -2537,7 +1812,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › libedit/libedit2@3.1-20210910-1build1 › @@ -2548,7 +1823,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/libncurses6@6.3-2 › @@ -2559,7 +1834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/ncurses-bin@6.3-2 › @@ -2570,7 +1845,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › procps@2:3.3.17-6ubuntu2 › @@ -2581,7 +1856,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › util-linux@2.37.2-4ubuntu3 › @@ -2592,7 +1867,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -2607,7 +1882,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2622,7 +1897,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/libncursesw6@6.3-2 @@ -2631,7 +1906,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › procps@2:3.3.17-6ubuntu2 › @@ -2642,7 +1917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -2657,7 +1932,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/libncurses6@6.3-2 @@ -2666,7 +1941,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › procps@2:3.3.17-6ubuntu2 › @@ -2677,7 +1952,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/ncurses-base@6.3-2 @@ -2686,7 +1961,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › ncurses/ncurses-bin@6.3-2 @@ -2744,7 +2019,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and krb5/libk5crypto3@1.19.2-2ubuntu0.1
    @@ -2757,7 +2032,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › krb5/libk5crypto3@1.19.2-2ubuntu0.1 @@ -2766,7 +2041,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › adduser@3.118ubuntu5 › @@ -2787,7 +2062,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › adduser@3.118ubuntu5 › @@ -2810,7 +2085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › krb5/libkrb5-3@1.19.2-2ubuntu0.1 @@ -2819,7 +2094,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › adduser@3.118ubuntu5 › @@ -2840,7 +2115,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 @@ -2849,7 +2124,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › openssh/openssh-client@1:8.9p1-3ubuntu0.1 › @@ -2860,7 +2135,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git@1:2.34.1-1ubuntu1.8 › @@ -2873,7 +2148,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git@1:2.34.1-1ubuntu1.8 › @@ -2888,7 +2163,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › adduser@3.118ubuntu5 › @@ -2907,7 +2182,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › meta-common-packages@meta › @@ -2966,7 +2241,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2979,7 +2254,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2988,7 +2263,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › apt@2.4.8 › @@ -2999,7 +2274,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3010,7 +2285,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 › @@ -3021,7 +2296,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -3032,7 +2307,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3045,7 +2320,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3058,7 +2333,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3067,7 +2342,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3078,7 +2353,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3091,7 +2366,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3100,7 +2375,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3111,7 +2386,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3120,7 +2395,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3131,7 +2406,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3140,7 +2415,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3151,7 +2426,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3164,7 +2439,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3177,7 +2452,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3186,7 +2461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3197,7 +2472,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3210,7 +2485,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3223,7 +2498,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3232,7 +2507,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3243,7 +2518,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3252,7 +2527,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3263,7 +2538,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3272,7 +2547,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3283,7 +2558,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3341,7 +2616,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3354,7 +2629,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › glibc/libc-bin@2.35-0ubuntu3.1 @@ -3363,7 +2638,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › meta-common-packages@meta › @@ -3422,7 +2697,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.6.4, git@1:2.34.1-1ubuntu1.8 and others
    @@ -3434,7 +2709,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git@1:2.34.1-1ubuntu1.8 › @@ -3445,7 +2720,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git@1:2.34.1-1ubuntu1.8 @@ -3454,7 +2729,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › git-lfs@3.0.2-1ubuntu0.1 › @@ -3511,7 +2786,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and coreutils@8.32-4.1ubuntu1
    @@ -3524,7 +2799,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › coreutils@8.32-4.1ubuntu1 @@ -3581,7 +2856,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.4 and bash@5.1-6ubuntu1
    @@ -3594,7 +2869,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.24 + docker-image|quay.io/argoproj/argocd@v2.6.4 › bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.4/redis_7.0.8-alpine.html b/docs/snyk/v2.6.4/redis_7.0.8-alpine.html new file mode 100644 index 0000000000000..8c8ab8c397b30 --- /dev/null +++ b/docs/snyk/v2.6.4/redis_7.0.8-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      March 12th 2023, 12:18:04 am

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.8-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.8-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/understand_the_basics.md b/docs/understand_the_basics.md index f37b9e4b6ece8..0fd7218d5890b 100644 --- a/docs/understand_the_basics.md +++ b/docs/understand_the_basics.md @@ -13,4 +13,4 @@ Before effectively using Argo CD, it is necessary to understand the underlying t * [Helm](https://helm.sh) * If you're integrating with a CI tool: * [GitHub Actions Documentation](https://docs.github.com/en/actions) - * [Jenkins User Guide](https://jenkins.io](https://www.jenkins.io/doc/book/) + * [Jenkins User Guide](https://www.jenkins.io/doc/book/) diff --git a/docs/user-guide/application-set.md b/docs/user-guide/application-set.md index 58a3f58ed4470..682e3b1d44a1f 100644 --- a/docs/user-guide/application-set.md +++ b/docs/user-guide/application-set.md @@ -48,40 +48,4 @@ Within ApplicationSet there exist other more powerful generators in addition to To learn more about the ApplicationSet controller, check out [ApplicationSet documentation](../operator-manual/applicationset/index.md) to install the ApplicationSet controller alongside Argo CD. -**Note:** Starting `v2.3` of Argo CD, we don't need to install ApplicationSet Controller separately. It would be instead as part of Argo CD installation. - -#### Post Selector all generators - -The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. In the example, the list generator generates a set of two application which then filter by the key value to only select the `env` with value `staging`: - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: guestbook -spec: - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - env: staging - - cluster: engineering-prod - url: https://kubernetes.default.svc - env: prod - selector: - matchLabels: - env: staging - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: default - source: - repoURL: https://github.com/argoproj-labs/applicationset.git - targetRevision: HEAD - path: examples/list-generator/guestbook/{{cluster}} - destination: - server: '{{url}}' - namespace: guestbook -``` \ No newline at end of file +**Note:** Starting `v2.3` of Argo CD, we don't need to install ApplicationSet Controller separately. It would be instead as part of Argo CD installation. \ No newline at end of file diff --git a/docs/user-guide/commands/argocd_admin_app_generate-spec.md b/docs/user-guide/commands/argocd_admin_app_generate-spec.md index fc5ff079954ad..f036835166f00 100644 --- a/docs/user-guide/commands/argocd_admin_app_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_app_generate-spec.md @@ -65,6 +65,7 @@ argocd admin app generate-spec APPNAME [flags] --kustomize-force-common-annotation Force common annotations in Kustomize --kustomize-force-common-label Force common labels in Kustomize --kustomize-image stringArray Kustomize images (e.g. --kustomize-image node:8.15.0 --kustomize-image mysql=mariadb,alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d) + --kustomize-namespace string Kustomize namespace --kustomize-version string Kustomize version -l, --label stringArray Labels to apply to the app --name string A name for the app, ignored if a file is set (DEPRECATED) diff --git a/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md b/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md index 8dc901a088dc1..8ba24b10a9058 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md @@ -13,6 +13,7 @@ argocd admin cluster generate-spec CONTEXT [flags] --aws-cluster-name string AWS Cluster name if set then aws cli eks token command will be used to access cluster --aws-role-arn string Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain. --bearer-token string Authentication token that should be used to access K8S API server + --cluster-endpoint string Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'. --cluster-resources Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty. --exec-command string Command to run to provide client credentials to the cluster. You may need to build a custom ArgoCD image to ensure the command is available at runtime. --exec-command-api-version string Preferred input version of the ExecInfo for the --exec-command executable diff --git a/docs/user-guide/commands/argocd_app_create.md b/docs/user-guide/commands/argocd_app_create.md index e4e5b1d10c6a8..7d7b73b35e607 100644 --- a/docs/user-guide/commands/argocd_app_create.md +++ b/docs/user-guide/commands/argocd_app_create.md @@ -63,6 +63,7 @@ argocd app create APPNAME [flags] --kustomize-force-common-annotation Force common annotations in Kustomize --kustomize-force-common-label Force common labels in Kustomize --kustomize-image stringArray Kustomize images (e.g. --kustomize-image node:8.15.0 --kustomize-image mysql=mariadb,alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d) + --kustomize-namespace string Kustomize namespace --kustomize-version string Kustomize version -l, --label stringArray Labels to apply to the app --name string A name for the app, ignored if a file is set (DEPRECATED) diff --git a/docs/user-guide/commands/argocd_app_set.md b/docs/user-guide/commands/argocd_app_set.md index 9e89957e07e9e..c0e9332f2a20f 100644 --- a/docs/user-guide/commands/argocd_app_set.md +++ b/docs/user-guide/commands/argocd_app_set.md @@ -38,6 +38,7 @@ argocd app set APPNAME [flags] --kustomize-force-common-annotation Force common annotations in Kustomize --kustomize-force-common-label Force common labels in Kustomize --kustomize-image stringArray Kustomize images (e.g. --kustomize-image node:8.15.0 --kustomize-image mysql=mariadb,alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d) + --kustomize-namespace string Kustomize namespace --kustomize-version string Kustomize version --nameprefix string Kustomize nameprefix --namesuffix string Kustomize namesuffix diff --git a/docs/user-guide/commands/argocd_app_unset.md b/docs/user-guide/commands/argocd_app_unset.md index 11d3ae0d7097f..3ae440e6c8de1 100644 --- a/docs/user-guide/commands/argocd_app_unset.md +++ b/docs/user-guide/commands/argocd_app_unset.md @@ -25,6 +25,7 @@ argocd app unset APPNAME parameters [flags] -h, --help help for unset --ignore-missing-value-files Unset the helm ignore-missing-value-files option (revert to false) --kustomize-image stringArray Kustomize images name (e.g. --kustomize-image node --kustomize-image mysql) + --kustomize-namespace Kustomize namespace --kustomize-version Kustomize version --nameprefix Kustomize nameprefix --namesuffix Kustomize namesuffix diff --git a/docs/user-guide/commands/argocd_cluster_add.md b/docs/user-guide/commands/argocd_cluster_add.md index 827b3344eb81c..1721dcffea367 100644 --- a/docs/user-guide/commands/argocd_cluster_add.md +++ b/docs/user-guide/commands/argocd_cluster_add.md @@ -12,6 +12,7 @@ argocd cluster add CONTEXT [flags] --annotation stringArray Set metadata annotations (e.g. --annotation key=value) --aws-cluster-name string AWS Cluster name if set then aws cli eks token command will be used to access cluster --aws-role-arn string Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain. + --cluster-endpoint string Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'. --cluster-resources Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty. --exec-command string Command to run to provide client credentials to the cluster. You may need to build a custom ArgoCD image to ensure the command is available at runtime. --exec-command-api-version string Preferred input version of the ExecInfo for the --exec-command executable diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index b940cc9a154e1..559dda4c04eb4 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -7,6 +7,7 @@ The following configuration options are available for Kustomize: * `images` is a list of Kustomize image overrides * `commonLabels` is a string map of additional labels * `commonAnnotations` is a string map of additional annotations +* `namespace` is a kubernetes resources namespace To use Kustomize with an overlay, point your path to the overlay. @@ -104,3 +105,10 @@ data: kustomize.buildOptions: --enable-helm ``` +## Setting the manifests' namespace + +The `spec.destination.namespace` field only adds a namespace when it's missing from the manifests generated by Kustomize. It also uses `kubectl` to set the namespace, which sometimes misses namespace fields in certain resources (for example, custom resources). In these cases, you might get an error like this: `ClusterRoleBinding.rbac.authorization.k8s.io "example" is invalid: subjects[0].namespace: Required value.` + +Using Kustomize directly to set the missing namespaces can resolve this problem. Setting `spec.source.kustomize.namespace` instructs Kustomize to set namespace fields to the given value. + +If `spec.destination.namespace` and `spec.source.kustomize.namespace` are both set, Argo CD will defer to the latter, the namespace value set by Kustomize. diff --git a/entrypoint.sh b/entrypoint.sh index 88515e217e4be..24862aca2172d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # If we're started as PID 1, we should wrap command execution through tini to # prevent leakage of orphaned processes ("zombies"). diff --git a/examples/k8s-rbac/argocd-server-applications/README.md b/examples/k8s-rbac/argocd-server-applications/README.md new file mode 100644 index 0000000000000..a5fc3553f68fe --- /dev/null +++ b/examples/k8s-rbac/argocd-server-applications/README.md @@ -0,0 +1,11 @@ +This folder contains example RBAC for Kubernetes to allow the Argo CD API +Server (`argocd-server`) to perform CRUD operations on `Application` CRs +in all namespaces on the cluster. + +Applying the `ClusterRole` and `ClusterRoleBinding` grant the Argo CD API +server read and write permissions cluster-wide, which may not be what you +want. Handle with care. + +Only apply these if you have installed Argo CD into the default namespace +`argocd`. Otherwise, you need to edit the cluster role binding to bind to +the service account in the correct namespace. \ No newline at end of file diff --git a/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml new file mode 100644 index 0000000000000..20e93dbada6d2 --- /dev/null +++ b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrole.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: argocd-server-cluster-apps + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: server + name: argocd-server-cluster-apps +rules: +- apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch diff --git a/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrolebinding.yaml b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrolebinding.yaml new file mode 100644 index 0000000000000..1e587a3e40a31 --- /dev/null +++ b/examples/k8s-rbac/argocd-server-applications/argocd-server-rbac-clusterrolebinding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: argocd-server-cluster-apps + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: server + name: argocd-server-cluster-apps +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-server-cluster-apps +subjects: +- kind: ServiceAccount + name: argocd-server + namespace: argocd diff --git a/hack/installers/checksums/helm-v3.11.2-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.11.2-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..56e53bec70d0e --- /dev/null +++ b/hack/installers/checksums/helm-v3.11.2-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +781d826daec584f9d50a01f0f7dadfd25a3312217a14aa2fbb85107b014ac8ca helm-v3.11.2-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.11.2-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.11.2-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..c88970e874f59 --- /dev/null +++ b/hack/installers/checksums/helm-v3.11.2-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +0a60baac83c3106017666864e664f52a4e16fbd578ac009f9a85456a9241c5db helm-v3.11.2-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.11.2-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.11.2-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..ddcdbc4de06dd --- /dev/null +++ b/hack/installers/checksums/helm-v3.11.2-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +04cbb8d053f2d8023e5cc6b771e9fa384fdd341eb7193a0fb592b7e2a036bf3d helm-v3.11.2-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.11.2-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.11.2-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..b888b1a2166c9 --- /dev/null +++ b/hack/installers/checksums/helm-v3.11.2-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +9793b80711c2fd82dec6f9742415fffb762d41ca20033d4413364d372517f958 helm-v3.11.2-linux-s390x.tar.gz diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index 3379aef2ba570..1a34e19355c1c 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.11.1 +helm3_version=3.11.2 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize4_version=4.5.7 diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index d0c9ed68d7f1a..286a1d19126df 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -18,8 +18,8 @@ spec: app.kubernetes.io/name: argocd-application-controller spec: containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller env: - name: ARGOCD_CONTROLLER_REPLICAS value: "1" diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index ed796dcf0a774..de42229ba5df6 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -16,9 +16,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/base/dex/argocd-dex-server-deployment.yaml b/manifests/base/dex/argocd-dex-server-deployment.yaml index dd2d37fea62e8..e2fd51d4ae5b2 100644 --- a/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -20,7 +20,7 @@ spec: - name: copyutil image: quay.io/argoproj/argocd:latest imagePullPolicy: Always - command: [cp, -n, /usr/local/bin/argocd, /shared/argocd-dex] + command: [/bin/cp, -n, /usr/local/bin/argocd, /shared/argocd-dex] volumeMounts: - mountPath: /shared name: static-files diff --git a/manifests/base/notification/argocd-notifications-cm.yaml b/manifests/base/notification/argocd-notifications-cm.yaml index 8139efd7e701a..c022fa50ded35 100644 --- a/manifests/base/notification/argocd-notifications-cm.yaml +++ b/manifests/base/notification/argocd-notifications-cm.yaml @@ -1,4 +1,8 @@ apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml index 94d01e7343f8a..d49e565e2acd1 100644 --- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml +++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml @@ -1,6 +1,10 @@ apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller spec: strategy: @@ -29,8 +33,8 @@ spec: - key: ca.crt path: ca.crt containers: - - command: - - argocd-notifications + - args: + - /usr/local/bin/argocd-notifications workingDir: /app livenessProbe: tcpSocket: diff --git a/manifests/base/notification/argocd-notifications-controller-metrics-service.yaml b/manifests/base/notification/argocd-notifications-controller-metrics-service.yaml index c5ec6160cb310..2126735c7d274 100644 --- a/manifests/base/notification/argocd-notifications-controller-metrics-service.yaml +++ b/manifests/base/notification/argocd-notifications-controller-metrics-service.yaml @@ -2,7 +2,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics spec: ports: diff --git a/manifests/base/notification/argocd-notifications-controller-network-policy.yaml b/manifests/base/notification/argocd-notifications-controller-network-policy.yaml index d7bb5d0679c2a..54a820c8b3243 100644 --- a/manifests/base/notification/argocd-notifications-controller-network-policy.yaml +++ b/manifests/base/notification/argocd-notifications-controller-network-policy.yaml @@ -1,6 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-network-policy spec: podSelector: diff --git a/manifests/base/notification/argocd-notifications-controller-role.yaml b/manifests/base/notification/argocd-notifications-controller-role.yaml index 9d0ff3b78ac74..11d561f4292ee 100644 --- a/manifests/base/notification/argocd-notifications-controller-role.yaml +++ b/manifests/base/notification/argocd-notifications-controller-role.yaml @@ -1,6 +1,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller rules: - apiGroups: diff --git a/manifests/base/notification/argocd-notifications-controller-rolebinding.yaml b/manifests/base/notification/argocd-notifications-controller-rolebinding.yaml index 0cacec4fd2820..d10904b3daa75 100644 --- a/manifests/base/notification/argocd-notifications-controller-rolebinding.yaml +++ b/manifests/base/notification/argocd-notifications-controller-rolebinding.yaml @@ -1,6 +1,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/base/notification/argocd-notifications-secret.yaml b/manifests/base/notification/argocd-notifications-secret.yaml index a58f865becffa..fc54cfc18adfa 100644 --- a/manifests/base/notification/argocd-notifications-secret.yaml +++ b/manifests/base/notification/argocd-notifications-secret.yaml @@ -1,5 +1,9 @@ apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret type: Opaque diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index 8aae3aeae7728..4fe9bc4d5bd6f 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ spec: serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: Always args: - "--save" diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 4966ff9e65ae8..1f1b4f2c2ef5e 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -21,7 +21,10 @@ spec: - name: argocd-repo-server image: quay.io/argoproj/argocd:latest imagePullPolicy: Always - command: [ "sh", "-c", "entrypoint.sh argocd-repo-server --redis $(ARGOCD_REDIS_SERVICE):6379"] + args: + - /usr/local/bin/argocd-repo-server + - "--redis" + - "$(ARGOCD_REDIS_SERVICE):6379" env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: @@ -194,7 +197,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index b5a9e405bd4d0..6cfd2c1aa5522 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -20,7 +20,8 @@ spec: - name: argocd-server image: quay.io/argoproj/argocd:latest imagePullPolicy: Always - command: [argocd-server] + args: + - /usr/local/bin/argocd-server env: - name: ARGOCD_SERVER_INSECURE valueFrom: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 50f57bcfee1d6..8749815868391 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -334,6 +334,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -597,6 +601,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -973,6 +981,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1227,6 +1239,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1629,6 +1645,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1894,6 +1914,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2304,6 +2328,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2587,6 +2615,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2970,6 +3002,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3246,6 +3282,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3627,6 +3667,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3903,6 +3947,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -4263,6 +4311,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4421,6 +4471,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4738,6 +4790,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4896,6 +4950,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5217,6 +5273,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5375,6 +5433,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5670,6 +5730,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5828,6 +5890,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6153,6 +6217,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6311,6 +6377,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6628,6 +6696,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6786,6 +6856,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7107,6 +7179,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7265,6 +7339,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7560,6 +7636,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7718,6 +7796,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8131,6 +8211,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8289,6 +8371,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8749,6 +8833,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8907,6 +8993,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9218,6 +9306,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9376,6 +9466,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9701,6 +9793,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9859,6 +9953,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10176,6 +10272,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10334,6 +10432,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10655,6 +10755,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10813,6 +10915,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11108,6 +11212,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11266,6 +11372,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11679,6 +11787,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11837,6 +11947,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12297,6 +12409,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12455,6 +12569,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12770,6 +12886,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12928,6 +13046,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13338,6 +13458,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13496,6 +13618,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13956,6 +14080,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14114,6 +14240,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14242,6 +14370,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -14463,6 +14598,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14621,6 +14758,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -15489,9 +15628,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -15639,7 +15777,7 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: Always name: redis ports: @@ -15690,10 +15828,10 @@ spec: weight: 5 automountServiceAccountToken: false containers: - - command: - - sh - - -c - - entrypoint.sh argocd-repo-server --redis argocd-redis:6379 + - args: + - /usr/local/bin/argocd-repo-server + - --redis + - argocd-redis:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: @@ -15869,7 +16007,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -15955,8 +16093,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller env: - name: ARGOCD_CONTROLLER_REPLICAS value: "1" diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index d19394e84f8fd..dfbe11177faa9 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -333,6 +333,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -596,6 +600,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -972,6 +980,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1226,6 +1238,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1628,6 +1644,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1893,6 +1913,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2303,6 +2327,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2586,6 +2614,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2969,6 +3001,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3245,6 +3281,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3626,6 +3666,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3902,6 +3946,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index c92231734f93d..97d8818cb8785 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -249,6 +249,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -407,6 +409,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -724,6 +728,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -882,6 +888,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -1203,6 +1211,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -1361,6 +1371,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -1656,6 +1668,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -1814,6 +1828,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -2139,6 +2155,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -2297,6 +2315,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -2614,6 +2634,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -2772,6 +2794,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -3093,6 +3117,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -3251,6 +3277,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -3546,6 +3574,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -3704,6 +3734,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4117,6 +4149,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4275,6 +4309,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4735,6 +4771,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4893,6 +4931,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5204,6 +5244,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5362,6 +5404,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5687,6 +5731,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5845,6 +5891,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6162,6 +6210,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6320,6 +6370,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6641,6 +6693,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6799,6 +6853,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7094,6 +7150,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7252,6 +7310,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7665,6 +7725,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7823,6 +7885,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8283,6 +8347,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8441,6 +8507,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8756,6 +8824,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8914,6 +8984,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9324,6 +9396,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9482,6 +9556,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9942,6 +10018,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10100,6 +10178,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10228,6 +10308,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -10449,6 +10536,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10607,6 +10696,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object diff --git a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml index 07b5c252c29cd..52300eb18a121 100644 --- a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml +++ b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml @@ -7,7 +7,7 @@ spec: spec: containers: - name: argocd-application-controller - command: - - argocd-application-controller + args: + - /usr/local/bin/argocd-application-controller - --redis - "argocd-redis-ha-haproxy:6379" diff --git a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml index bcaadd2d1ea97..cb6c1cc05556d 100644 --- a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml @@ -22,8 +22,7 @@ spec: topologyKey: topology.kubernetes.io/zone containers: - name: argocd-repo-server - command: - - entrypoint.sh - - argocd-repo-server + args: + - /usr/local/bin/argocd-repo-server - --redis - "argocd-redis-ha-haproxy:6379" diff --git a/manifests/ha/base/overlays/argocd-server-deployment.yaml b/manifests/ha/base/overlays/argocd-server-deployment.yaml index 923b425f318c1..19ad165e81f68 100644 --- a/manifests/ha/base/overlays/argocd-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-server-deployment.yaml @@ -25,7 +25,7 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: '2' - command: - - argocd-server + args: + - /usr/local/bin/argocd-server - --redis - "argocd-redis-ha-haproxy:6379" diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index 355e93bef9336..481119908928d 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -1179,7 +1179,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1206,7 +1206,7 @@ spec: containers: - name: redis - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent command: - redis-server @@ -1256,7 +1256,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1300,7 +1300,7 @@ spec: {} - name: split-brain-fix - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent command: - sh diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index 3bc835d8b31d3..875b4b7eead38 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -18,7 +18,7 @@ redis-ha: client: 6m checkInterval: 3s image: - tag: 7.0.8-alpine + tag: 7.0.9-alpine containerSecurityContext: null sentinel: bind: "0.0.0.0" diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index b1c7295f59c50..1959f566adb87 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -334,6 +334,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -597,6 +601,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -973,6 +981,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1227,6 +1239,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1629,6 +1645,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1894,6 +1914,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2304,6 +2328,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2587,6 +2615,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2970,6 +3002,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3246,6 +3282,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3627,6 +3667,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3903,6 +3947,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -4263,6 +4311,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4421,6 +4471,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4738,6 +4790,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4896,6 +4950,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5217,6 +5273,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5375,6 +5433,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5670,6 +5730,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5828,6 +5890,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6153,6 +6217,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6311,6 +6377,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6628,6 +6696,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6786,6 +6856,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7107,6 +7179,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7265,6 +7339,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7560,6 +7636,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7718,6 +7796,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8131,6 +8211,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8289,6 +8371,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8749,6 +8833,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8907,6 +8993,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9218,6 +9306,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9376,6 +9466,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9701,6 +9793,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9859,6 +9953,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10176,6 +10272,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10334,6 +10432,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10655,6 +10755,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10813,6 +10915,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11108,6 +11212,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11266,6 +11372,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11679,6 +11787,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11837,6 +11947,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12297,6 +12409,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12455,6 +12569,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12770,6 +12886,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12928,6 +13046,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13338,6 +13458,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13496,6 +13618,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13956,6 +14080,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14114,6 +14240,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14242,6 +14370,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -14463,6 +14598,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14621,6 +14758,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -15301,6 +15440,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller rules: - apiGroups: @@ -15525,6 +15668,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -15643,6 +15790,10 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm --- apiVersion: v1 @@ -16404,6 +16555,10 @@ metadata: apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret type: Opaque --- @@ -16483,7 +16638,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics spec: ports: @@ -16690,9 +16847,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -16864,7 +17020,7 @@ spec: name: argocd-dex-server-tls initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex @@ -16906,6 +17062,10 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller spec: selector: @@ -16919,8 +17079,8 @@ spec: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - - command: - - argocd-notifications + - args: + - /usr/local/bin/argocd-notifications image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -17092,9 +17252,8 @@ spec: topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - - command: - - entrypoint.sh - - argocd-repo-server + - args: + - /usr/local/bin/argocd-repo-server - --redis - argocd-redis-ha-haproxy:6379 env: @@ -17272,7 +17431,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -17356,8 +17515,8 @@ spec: app.kubernetes.io/name: argocd-server topologyKey: kubernetes.io/hostname containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server - --redis - argocd-redis-ha-haproxy:6379 env: @@ -17664,8 +17823,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller - --redis - argocd-redis-ha-haproxy:6379 env: @@ -17868,7 +18027,7 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -17921,7 +18080,7 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -17973,7 +18132,7 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -18002,7 +18161,7 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -18101,6 +18260,10 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-network-policy spec: ingress: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 2b253ad85643c..60949fc193ff1 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -198,6 +198,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller rules: - apiGroups: @@ -363,6 +367,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -447,6 +455,10 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm --- apiVersion: v1 @@ -1208,6 +1220,10 @@ metadata: apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret type: Opaque --- @@ -1287,7 +1303,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics spec: ports: @@ -1494,9 +1512,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -1668,7 +1685,7 @@ spec: name: argocd-dex-server-tls initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex @@ -1710,6 +1727,10 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller spec: selector: @@ -1723,8 +1744,8 @@ spec: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - - command: - - argocd-notifications + - args: + - /usr/local/bin/argocd-notifications image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -1896,9 +1917,8 @@ spec: topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - - command: - - entrypoint.sh - - argocd-repo-server + - args: + - /usr/local/bin/argocd-repo-server - --redis - argocd-redis-ha-haproxy:6379 env: @@ -2076,7 +2096,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -2160,8 +2180,8 @@ spec: app.kubernetes.io/name: argocd-server topologyKey: kubernetes.io/hostname containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server - --redis - argocd-redis-ha-haproxy:6379 env: @@ -2468,8 +2488,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller - --redis - argocd-redis-ha-haproxy:6379 env: @@ -2672,7 +2692,7 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -2725,7 +2745,7 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -2777,7 +2797,7 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -2806,7 +2826,7 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -2905,6 +2925,10 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-network-policy spec: ingress: diff --git a/manifests/install.yaml b/manifests/install.yaml index c1776ccc95f8b..cfcf5375aa708 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -334,6 +334,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -597,6 +601,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -973,6 +981,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1227,6 +1239,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1629,6 +1645,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1894,6 +1914,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2304,6 +2328,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2587,6 +2615,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2970,6 +3002,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3246,6 +3282,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3627,6 +3667,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3903,6 +3947,10 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string version: description: Version controls which version of Kustomize to use for rendering manifests @@ -4263,6 +4311,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4421,6 +4471,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4738,6 +4790,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -4896,6 +4950,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5217,6 +5273,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5375,6 +5433,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5670,6 +5730,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -5828,6 +5890,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6153,6 +6217,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6311,6 +6377,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6628,6 +6696,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -6786,6 +6856,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7107,6 +7179,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7265,6 +7339,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7560,6 +7636,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -7718,6 +7796,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8131,6 +8211,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8289,6 +8371,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8749,6 +8833,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -8907,6 +8993,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9218,6 +9306,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9376,6 +9466,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9701,6 +9793,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -9859,6 +9953,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10176,6 +10272,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10334,6 +10432,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10655,6 +10755,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -10813,6 +10915,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11108,6 +11212,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11266,6 +11372,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11679,6 +11787,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -11837,6 +11947,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12297,6 +12409,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12455,6 +12569,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12770,6 +12886,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -12928,6 +13046,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13338,6 +13458,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13496,6 +13618,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -13956,6 +14080,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14114,6 +14240,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14242,6 +14370,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -14463,6 +14598,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -14621,6 +14758,8 @@ spec: type: string nameSuffix: type: string + namespace: + type: string version: type: string type: object @@ -15292,6 +15431,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller rules: - apiGroups: @@ -15484,6 +15627,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -15586,6 +15733,10 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm --- apiVersion: v1 @@ -15626,6 +15777,10 @@ metadata: apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret type: Opaque --- @@ -15705,7 +15860,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics spec: ports: @@ -15809,9 +15966,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -15983,7 +16139,7 @@ spec: name: argocd-dex-server-tls initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex @@ -16025,6 +16181,10 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller spec: selector: @@ -16038,8 +16198,8 @@ spec: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - - command: - - argocd-notifications + - args: + - /usr/local/bin/argocd-notifications image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -16117,7 +16277,7 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: Always name: redis ports: @@ -16168,10 +16328,10 @@ spec: weight: 5 automountServiceAccountToken: false containers: - - command: - - sh - - -c - - entrypoint.sh argocd-repo-server --redis argocd-redis:6379 + - args: + - /usr/local/bin/argocd-repo-server + - --redis + - argocd-redis:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: @@ -16347,7 +16507,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -16431,8 +16591,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server env: - name: ARGOCD_SERVER_INSECURE valueFrom: @@ -16735,8 +16895,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller env: - name: ARGOCD_CONTROLLER_REPLICAS value: "1" @@ -16966,6 +17126,10 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-network-policy spec: ingress: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index ee0052d4912c7..302e75c187cd7 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -189,6 +189,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller rules: - apiGroups: @@ -322,6 +326,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -390,6 +398,10 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm --- apiVersion: v1 @@ -430,6 +442,10 @@ metadata: apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret type: Opaque --- @@ -509,7 +525,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics spec: ports: @@ -613,9 +631,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -787,7 +804,7 @@ spec: name: argocd-dex-server-tls initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex @@ -829,6 +846,10 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller spec: selector: @@ -842,8 +863,8 @@ spec: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - - command: - - argocd-notifications + - args: + - /usr/local/bin/argocd-notifications image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -921,7 +942,7 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.8-alpine + image: redis:7.0.9-alpine imagePullPolicy: Always name: redis ports: @@ -972,10 +993,10 @@ spec: weight: 5 automountServiceAccountToken: false containers: - - command: - - sh - - -c - - entrypoint.sh argocd-repo-server --redis argocd-redis:6379 + - args: + - /usr/local/bin/argocd-repo-server + - --redis + - argocd-redis:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: @@ -1151,7 +1172,7 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -1235,8 +1256,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server env: - name: ARGOCD_SERVER_INSECURE valueFrom: @@ -1539,8 +1560,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller env: - name: ARGOCD_CONTROLLER_REPLICAS value: "1" @@ -1770,6 +1791,10 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-network-policy spec: ingress: diff --git a/mkdocs.yml b/mkdocs.yml index fa7549072c306..a9e3421fe39a5 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -99,6 +99,7 @@ nav: - operator-manual/applicationset/Generators-SCM-Provider.md - operator-manual/applicationset/Generators-Cluster-Decision-Resource.md - operator-manual/applicationset/Generators-Pull-Request.md + - operator-manual/applicationset/Generators-Post-Selector.md - Template fields: - operator-manual/applicationset/Template.md - operator-manual/applicationset/GoTemplate.md @@ -113,6 +114,7 @@ nav: - operator-manual/server-commands/additional-configuration-method.md - Upgrading: - operator-manual/upgrading/overview.md + - operator-manual/upgrading/2.6-2.7.md - operator-manual/upgrading/2.5-2.6.md - operator-manual/upgrading/2.4-2.5.md - operator-manual/upgrading/2.3-2.4.md diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 754988e464117..59844ecad0295 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -8,6 +8,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,SourceNamespaces API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,SourceRepos API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationMatchExpression,Values +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationPreservedFields,Annotations API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStep,MatchExpressions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStrategy,Steps API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,Generators diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 508fc226fe736..23e68035f8ef4 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -54,11 +54,16 @@ func (a *ApplicationSet) RBACName() string { // ApplicationSetSpec represents a class of application set state. type ApplicationSetSpec struct { - GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` - Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` - Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` - SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` - Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` + GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` + Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` + Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` + SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` + Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` + PreservedFields *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"` +} + +type ApplicationPreservedFields struct { + Annotations []string `json:"annotations,omitempty" protobuf:"bytes,1,name=annotations"` } // ApplicationSetStrategy configures how generated Applications are updated in sequence. diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 4410d283aae43..3d68e6b1f541a 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -318,10 +318,38 @@ func (m *ApplicationMatchExpression) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationMatchExpression proto.InternalMessageInfo +func (m *ApplicationPreservedFields) Reset() { *m = ApplicationPreservedFields{} } +func (*ApplicationPreservedFields) ProtoMessage() {} +func (*ApplicationPreservedFields) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{10} +} +func (m *ApplicationPreservedFields) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationPreservedFields) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ApplicationPreservedFields) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationPreservedFields.Merge(m, src) +} +func (m *ApplicationPreservedFields) XXX_Size() int { + return m.Size() +} +func (m *ApplicationPreservedFields) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationPreservedFields.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationPreservedFields proto.InternalMessageInfo + func (m *ApplicationSet) Reset() { *m = ApplicationSet{} } func (*ApplicationSet) ProtoMessage() {} func (*ApplicationSet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{10} + return fileDescriptor_030104ce3b95bcac, []int{11} } func (m *ApplicationSet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -349,7 +377,7 @@ var xxx_messageInfo_ApplicationSet proto.InternalMessageInfo func (m *ApplicationSetApplicationStatus) Reset() { *m = ApplicationSetApplicationStatus{} } func (*ApplicationSetApplicationStatus) ProtoMessage() {} func (*ApplicationSetApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{11} + return fileDescriptor_030104ce3b95bcac, []int{12} } func (m *ApplicationSetApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -377,7 +405,7 @@ var xxx_messageInfo_ApplicationSetApplicationStatus proto.InternalMessageInfo func (m *ApplicationSetCondition) Reset() { *m = ApplicationSetCondition{} } func (*ApplicationSetCondition) ProtoMessage() {} func (*ApplicationSetCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{12} + return fileDescriptor_030104ce3b95bcac, []int{13} } func (m *ApplicationSetCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -405,7 +433,7 @@ var xxx_messageInfo_ApplicationSetCondition proto.InternalMessageInfo func (m *ApplicationSetGenerator) Reset() { *m = ApplicationSetGenerator{} } func (*ApplicationSetGenerator) ProtoMessage() {} func (*ApplicationSetGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{13} + return fileDescriptor_030104ce3b95bcac, []int{14} } func (m *ApplicationSetGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -433,7 +461,7 @@ var xxx_messageInfo_ApplicationSetGenerator proto.InternalMessageInfo func (m *ApplicationSetList) Reset() { *m = ApplicationSetList{} } func (*ApplicationSetList) ProtoMessage() {} func (*ApplicationSetList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{14} + return fileDescriptor_030104ce3b95bcac, []int{15} } func (m *ApplicationSetList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -461,7 +489,7 @@ var xxx_messageInfo_ApplicationSetList proto.InternalMessageInfo func (m *ApplicationSetNestedGenerator) Reset() { *m = ApplicationSetNestedGenerator{} } func (*ApplicationSetNestedGenerator) ProtoMessage() {} func (*ApplicationSetNestedGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{15} + return fileDescriptor_030104ce3b95bcac, []int{16} } func (m *ApplicationSetNestedGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -489,7 +517,7 @@ var xxx_messageInfo_ApplicationSetNestedGenerator proto.InternalMessageInfo func (m *ApplicationSetRolloutStep) Reset() { *m = ApplicationSetRolloutStep{} } func (*ApplicationSetRolloutStep) ProtoMessage() {} func (*ApplicationSetRolloutStep) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{16} + return fileDescriptor_030104ce3b95bcac, []int{17} } func (m *ApplicationSetRolloutStep) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -517,7 +545,7 @@ var xxx_messageInfo_ApplicationSetRolloutStep proto.InternalMessageInfo func (m *ApplicationSetRolloutStrategy) Reset() { *m = ApplicationSetRolloutStrategy{} } func (*ApplicationSetRolloutStrategy) ProtoMessage() {} func (*ApplicationSetRolloutStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{17} + return fileDescriptor_030104ce3b95bcac, []int{18} } func (m *ApplicationSetRolloutStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -545,7 +573,7 @@ var xxx_messageInfo_ApplicationSetRolloutStrategy proto.InternalMessageInfo func (m *ApplicationSetSpec) Reset() { *m = ApplicationSetSpec{} } func (*ApplicationSetSpec) ProtoMessage() {} func (*ApplicationSetSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{18} + return fileDescriptor_030104ce3b95bcac, []int{19} } func (m *ApplicationSetSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -573,7 +601,7 @@ var xxx_messageInfo_ApplicationSetSpec proto.InternalMessageInfo func (m *ApplicationSetStatus) Reset() { *m = ApplicationSetStatus{} } func (*ApplicationSetStatus) ProtoMessage() {} func (*ApplicationSetStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{19} + return fileDescriptor_030104ce3b95bcac, []int{20} } func (m *ApplicationSetStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -601,7 +629,7 @@ var xxx_messageInfo_ApplicationSetStatus proto.InternalMessageInfo func (m *ApplicationSetStrategy) Reset() { *m = ApplicationSetStrategy{} } func (*ApplicationSetStrategy) ProtoMessage() {} func (*ApplicationSetStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{20} + return fileDescriptor_030104ce3b95bcac, []int{21} } func (m *ApplicationSetStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -629,7 +657,7 @@ var xxx_messageInfo_ApplicationSetStrategy proto.InternalMessageInfo func (m *ApplicationSetSyncPolicy) Reset() { *m = ApplicationSetSyncPolicy{} } func (*ApplicationSetSyncPolicy) ProtoMessage() {} func (*ApplicationSetSyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{21} + return fileDescriptor_030104ce3b95bcac, []int{22} } func (m *ApplicationSetSyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -657,7 +685,7 @@ var xxx_messageInfo_ApplicationSetSyncPolicy proto.InternalMessageInfo func (m *ApplicationSetTemplate) Reset() { *m = ApplicationSetTemplate{} } func (*ApplicationSetTemplate) ProtoMessage() {} func (*ApplicationSetTemplate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{22} + return fileDescriptor_030104ce3b95bcac, []int{23} } func (m *ApplicationSetTemplate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -685,7 +713,7 @@ var xxx_messageInfo_ApplicationSetTemplate proto.InternalMessageInfo func (m *ApplicationSetTemplateMeta) Reset() { *m = ApplicationSetTemplateMeta{} } func (*ApplicationSetTemplateMeta) ProtoMessage() {} func (*ApplicationSetTemplateMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{23} + return fileDescriptor_030104ce3b95bcac, []int{24} } func (m *ApplicationSetTemplateMeta) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -713,7 +741,7 @@ var xxx_messageInfo_ApplicationSetTemplateMeta proto.InternalMessageInfo func (m *ApplicationSetTerminalGenerator) Reset() { *m = ApplicationSetTerminalGenerator{} } func (*ApplicationSetTerminalGenerator) ProtoMessage() {} func (*ApplicationSetTerminalGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{24} + return fileDescriptor_030104ce3b95bcac, []int{25} } func (m *ApplicationSetTerminalGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -741,7 +769,7 @@ var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{25} + return fileDescriptor_030104ce3b95bcac, []int{26} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -769,7 +797,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{26} + return fileDescriptor_030104ce3b95bcac, []int{27} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -797,7 +825,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -825,7 +853,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -853,7 +881,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -881,7 +909,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -909,7 +937,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -937,7 +965,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -965,7 +993,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -993,7 +1021,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1021,7 +1049,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1049,7 +1077,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1077,7 +1105,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1105,7 +1133,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1133,7 +1161,7 @@ var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1161,7 +1189,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1189,7 +1217,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1217,7 +1245,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1245,7 +1273,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1273,7 +1301,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1301,7 +1329,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1329,7 +1357,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1357,7 +1385,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1385,7 +1413,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1413,7 +1441,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1441,7 +1469,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1469,7 +1497,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1497,7 +1525,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1525,7 +1553,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1553,7 +1581,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1581,7 +1609,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1609,7 +1637,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1637,7 +1665,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1665,7 +1693,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1693,7 +1721,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1721,7 +1749,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1749,7 +1777,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1777,7 +1805,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1805,7 +1833,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1833,7 +1861,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1861,7 +1889,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1889,7 +1917,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1917,7 +1945,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1945,7 +1973,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1973,7 +2001,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2001,7 +2029,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2029,7 +2057,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2057,7 +2085,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2085,7 +2113,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2113,7 +2141,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2141,7 +2169,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2169,7 +2197,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2197,7 +2225,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2225,7 +2253,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2253,7 +2281,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2281,7 +2309,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2309,7 +2337,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2337,7 +2365,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2365,7 +2393,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2393,7 +2421,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2421,7 +2449,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2449,7 +2477,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2477,7 +2505,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2505,7 +2533,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2533,7 +2561,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2561,7 +2589,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2589,7 +2617,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2617,7 +2645,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2645,7 +2673,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2673,7 +2701,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2701,7 +2729,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2729,7 +2757,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2757,7 +2785,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2785,7 +2813,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2813,7 +2841,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2841,7 +2869,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2869,7 +2897,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2897,7 +2925,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2925,7 +2953,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2953,7 +2981,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2981,7 +3009,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3009,7 +3037,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3037,7 +3065,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3065,7 +3093,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3093,7 +3121,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3121,7 +3149,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3149,7 +3177,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3177,7 +3205,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3205,7 +3233,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3233,7 +3261,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3261,7 +3289,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3289,7 +3317,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3317,7 +3345,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3345,7 +3373,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3373,7 +3401,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3401,7 +3429,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3429,7 +3457,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3457,7 +3485,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3485,7 +3513,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3513,7 +3541,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3541,7 +3569,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3569,7 +3597,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3597,7 +3625,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3625,7 +3653,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3653,7 +3681,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3681,7 +3709,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3709,7 +3737,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3737,7 +3765,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3774,6 +3802,7 @@ func init() { proto.RegisterType((*ApplicationDestination)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationDestination") proto.RegisterType((*ApplicationList)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationList") proto.RegisterType((*ApplicationMatchExpression)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationMatchExpression") + proto.RegisterType((*ApplicationPreservedFields)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationPreservedFields") proto.RegisterType((*ApplicationSet)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSet") proto.RegisterType((*ApplicationSetApplicationStatus)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetApplicationStatus") proto.RegisterType((*ApplicationSetCondition)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetCondition") @@ -3918,611 +3947,614 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9659 bytes of a gzipped FileDescriptorProto + // 9707 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, - 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0xa1, 0xef, 0x8e, 0x04, 0x4f, 0xe4, 0xe1, - 0x6a, 0x58, 0xa6, 0xa9, 0x88, 0x04, 0xc2, 0x13, 0xa5, 0x30, 0xa6, 0x4d, 0x19, 0x0b, 0xdc, 0xe1, + 0x75, 0x18, 0x67, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0xa1, 0xef, 0x8e, 0x04, 0x8f, 0xe4, 0xe1, + 0x6a, 0x58, 0xa6, 0xa8, 0x88, 0x04, 0xc2, 0x13, 0xa5, 0x30, 0xa6, 0x4d, 0x19, 0x0b, 0xdc, 0xe1, 0x70, 0x07, 0x1c, 0xc0, 0x06, 0xee, 0x4e, 0x22, 0x4d, 0x49, 0x83, 0xd9, 0xde, 0xc5, 0x1c, 0x76, 0x67, 0x86, 0x33, 0xb3, 0x38, 0x2c, 0x2d, 0xcb, 0x92, 0x2c, 0xd9, 0x4a, 0xf4, 0x41, 0x85, 0xfe, - 0x11, 0xb9, 0x92, 0x38, 0x8a, 0xed, 0x72, 0xc5, 0x95, 0xb0, 0xe2, 0x54, 0x7e, 0xe4, 0xab, 0x52, + 0x61, 0xb9, 0x92, 0x38, 0x8c, 0xed, 0x72, 0xc5, 0x95, 0xb0, 0xe2, 0x54, 0x7e, 0xe4, 0xab, 0x52, 0x15, 0xdb, 0xf9, 0xc1, 0x94, 0x52, 0x15, 0x55, 0xc5, 0x65, 0x39, 0xb1, 0x03, 0x53, 0x97, 0x4a, - 0x25, 0x95, 0xaa, 0x38, 0x95, 0x8f, 0x3f, 0xb9, 0xca, 0x8f, 0x54, 0x7f, 0xf7, 0xcc, 0xee, 0x1e, - 0x76, 0x0f, 0x83, 0xbb, 0x93, 0x8a, 0xff, 0x76, 0xfb, 0xbd, 0x7e, 0xaf, 0xbb, 0xa7, 0xfb, 0xf5, - 0x7b, 0xdd, 0xef, 0xbd, 0x86, 0xd5, 0x86, 0x97, 0xec, 0xb4, 0xb7, 0xe7, 0xdc, 0xa0, 0x35, 0xef, - 0x44, 0x8d, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0xf3, 0x6e, 0x6d, 0x7e, 0xef, 0xc2, 0x7c, 0xb8, - 0xdb, 0x98, 0x77, 0x42, 0x2f, 0x9e, 0x77, 0xc2, 0xb0, 0xe9, 0xb9, 0x4e, 0xe2, 0x05, 0xfe, 0xfc, - 0xde, 0x0b, 0x4e, 0x33, 0xdc, 0x71, 0x5e, 0x98, 0x6f, 0x10, 0x9f, 0x44, 0x4e, 0x42, 0x6a, 0x73, - 0x61, 0x14, 0x24, 0x01, 0xfa, 0x69, 0x4d, 0x6d, 0x4e, 0x52, 0x63, 0x3f, 0x3e, 0xeb, 0xd6, 0xe6, - 0xf6, 0x2e, 0xcc, 0x85, 0xbb, 0x8d, 0x39, 0x4a, 0x6d, 0xce, 0xa0, 0x36, 0x27, 0xa9, 0x9d, 0x7d, - 0xde, 0x68, 0x4b, 0x23, 0x68, 0x04, 0xf3, 0x8c, 0xe8, 0x76, 0xbb, 0xce, 0xfe, 0xb1, 0x3f, 0xec, - 0x17, 0x67, 0x76, 0xd6, 0xde, 0x7d, 0x29, 0x9e, 0xf3, 0x02, 0xda, 0xbc, 0x79, 0x37, 0x88, 0xc8, - 0xfc, 0x5e, 0x57, 0x83, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x3f, 0x21, 0x7e, 0xec, 0x05, 0x7e, 0xfc, - 0x3c, 0x6d, 0x02, 0x89, 0xf6, 0x48, 0x64, 0x76, 0xcf, 0x40, 0xe8, 0x45, 0xe9, 0x45, 0x4d, 0xa9, - 0xe5, 0xb8, 0x3b, 0x9e, 0x4f, 0xa2, 0x8e, 0xae, 0xde, 0x22, 0x89, 0xd3, 0xab, 0xd6, 0x7c, 0xbf, - 0x5a, 0x51, 0xdb, 0x4f, 0xbc, 0x16, 0xe9, 0xaa, 0xf0, 0x89, 0xc3, 0x2a, 0xc4, 0xee, 0x0e, 0x69, - 0x39, 0x5d, 0xf5, 0x3e, 0xd6, 0xaf, 0x5e, 0x3b, 0xf1, 0x9a, 0xf3, 0x9e, 0x9f, 0xc4, 0x49, 0x94, - 0xad, 0x64, 0xbf, 0x09, 0x93, 0x0b, 0x37, 0x37, 0x17, 0xda, 0xc9, 0xce, 0x62, 0xe0, 0xd7, 0xbd, - 0x06, 0xfa, 0x38, 0x8c, 0xbb, 0xcd, 0x76, 0x9c, 0x90, 0xe8, 0x9a, 0xd3, 0x22, 0x33, 0xd6, 0x79, - 0xeb, 0xd9, 0x4a, 0xf5, 0xd4, 0x7b, 0x07, 0xb3, 0x1f, 0xba, 0x73, 0x30, 0x3b, 0xbe, 0xa8, 0x41, - 0xd8, 0xc4, 0x43, 0x1f, 0x81, 0xb1, 0x28, 0x68, 0x92, 0x05, 0x7c, 0x6d, 0xa6, 0xc0, 0xaa, 0x9c, - 0x10, 0x55, 0xc6, 0x30, 0x2f, 0xc6, 0x12, 0x6e, 0xff, 0x51, 0x01, 0x60, 0x21, 0x0c, 0x37, 0xa2, - 0xe0, 0x16, 0x71, 0x13, 0xf4, 0x39, 0x28, 0xd3, 0xa1, 0xab, 0x39, 0x89, 0xc3, 0xb8, 0x8d, 0x5f, - 0xf8, 0x8b, 0x73, 0xbc, 0x27, 0x73, 0x66, 0x4f, 0xf4, 0xc4, 0xa1, 0xd8, 0x73, 0x7b, 0x2f, 0xcc, - 0xad, 0x6f, 0xd3, 0xfa, 0x6b, 0x24, 0x71, 0xaa, 0x48, 0x30, 0x03, 0x5d, 0x86, 0x15, 0x55, 0xe4, - 0xc3, 0x48, 0x1c, 0x12, 0x97, 0x35, 0x6c, 0xfc, 0xc2, 0xea, 0xdc, 0x51, 0x66, 0xe8, 0x9c, 0x6e, - 0xf9, 0x66, 0x48, 0xdc, 0xea, 0x84, 0xe0, 0x3c, 0x42, 0xff, 0x61, 0xc6, 0x07, 0xed, 0xc1, 0x68, - 0x9c, 0x38, 0x49, 0x3b, 0x9e, 0x29, 0x32, 0x8e, 0xd7, 0x72, 0xe3, 0xc8, 0xa8, 0x56, 0xa7, 0x04, - 0xcf, 0x51, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x7f, 0xb4, 0x60, 0x4a, 0x23, 0xaf, 0x7a, 0x71, 0x82, - 0x7e, 0xae, 0x6b, 0x70, 0xe7, 0x06, 0x1b, 0x5c, 0x5a, 0x9b, 0x0d, 0xed, 0x49, 0xc1, 0xac, 0x2c, - 0x4b, 0x8c, 0x81, 0x6d, 0x41, 0xc9, 0x4b, 0x48, 0x2b, 0x9e, 0x29, 0x9c, 0x2f, 0x3e, 0x3b, 0x7e, - 0xe1, 0x72, 0x5e, 0xfd, 0xac, 0x4e, 0x0a, 0xa6, 0xa5, 0x15, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, 0xef, - 0x4c, 0x98, 0xfd, 0xa3, 0x03, 0x8e, 0x5e, 0x80, 0xf1, 0x38, 0x68, 0x47, 0x2e, 0xc1, 0x24, 0x0c, - 0xe2, 0x19, 0xeb, 0x7c, 0x91, 0x4e, 0x3d, 0x3a, 0x53, 0x37, 0x75, 0x31, 0x36, 0x71, 0xd0, 0xb7, - 0x2c, 0x98, 0xa8, 0x91, 0x38, 0xf1, 0x7c, 0xc6, 0x5f, 0x36, 0x7e, 0xeb, 0xc8, 0x8d, 0x97, 0x85, - 0x4b, 0x9a, 0x78, 0xf5, 0xb4, 0xe8, 0xc8, 0x84, 0x51, 0x18, 0xe3, 0x14, 0x7f, 0xba, 0xe2, 0x6a, - 0x24, 0x76, 0x23, 0x2f, 0xa4, 0xff, 0xd9, 0x9c, 0x31, 0x56, 0xdc, 0x92, 0x06, 0x61, 0x13, 0x0f, - 0xf9, 0x50, 0xa2, 0x2b, 0x2a, 0x9e, 0x19, 0x61, 0xed, 0x5f, 0x39, 0x5a, 0xfb, 0xc5, 0xa0, 0xd2, - 0xc5, 0xaa, 0x47, 0x9f, 0xfe, 0x8b, 0x31, 0x67, 0x83, 0xbe, 0x69, 0xc1, 0x8c, 0x58, 0xf1, 0x98, - 0xf0, 0x01, 0xbd, 0xb9, 0xe3, 0x25, 0xa4, 0xe9, 0xc5, 0xc9, 0x4c, 0x89, 0xb5, 0x61, 0x7e, 0xb0, - 0xb9, 0xb5, 0x1c, 0x05, 0xed, 0xf0, 0xaa, 0xe7, 0xd7, 0xaa, 0xe7, 0x05, 0xa7, 0x99, 0xc5, 0x3e, - 0x84, 0x71, 0x5f, 0x96, 0xe8, 0x57, 0x2d, 0x38, 0xeb, 0x3b, 0x2d, 0x12, 0x87, 0x0e, 0xfd, 0xb4, - 0x1c, 0x5c, 0x6d, 0x3a, 0xee, 0x2e, 0x6b, 0xd1, 0xe8, 0xfd, 0xb5, 0xc8, 0x16, 0x2d, 0x3a, 0x7b, - 0xad, 0x2f, 0x69, 0x7c, 0x0f, 0xb6, 0xe8, 0x37, 0x2d, 0x98, 0x0e, 0xa2, 0x70, 0xc7, 0xf1, 0x49, - 0x4d, 0x42, 0xe3, 0x99, 0x31, 0xb6, 0xf4, 0x3e, 0x73, 0xb4, 0x4f, 0xb4, 0x9e, 0x25, 0xbb, 0x16, - 0xf8, 0x5e, 0x12, 0x44, 0x9b, 0x24, 0x49, 0x3c, 0xbf, 0x11, 0x57, 0xcf, 0xdc, 0x39, 0x98, 0x9d, - 0xee, 0xc2, 0xc2, 0xdd, 0xed, 0x41, 0x3f, 0x0f, 0xe3, 0x71, 0xc7, 0x77, 0x6f, 0x7a, 0x7e, 0x2d, - 0xb8, 0x1d, 0xcf, 0x94, 0xf3, 0x58, 0xbe, 0x9b, 0x8a, 0xa0, 0x58, 0x80, 0x9a, 0x01, 0x36, 0xb9, - 0xf5, 0xfe, 0x70, 0x7a, 0x2a, 0x55, 0xf2, 0xfe, 0x70, 0x7a, 0x32, 0xdd, 0x83, 0x2d, 0xfa, 0x15, - 0x0b, 0x26, 0x63, 0xaf, 0xe1, 0x3b, 0x49, 0x3b, 0x22, 0x57, 0x49, 0x27, 0x9e, 0x01, 0xd6, 0x90, - 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xf5, 0x8c, 0x68, 0xe3, 0xa4, 0x59, 0x1a, 0xe3, 0x34, 0xdf, - 0x5e, 0x0b, 0x4d, 0x4f, 0xeb, 0xf1, 0x7c, 0x17, 0x9a, 0x9e, 0xd4, 0x7d, 0x59, 0xa2, 0x9f, 0x85, - 0x93, 0xbc, 0x48, 0x8d, 0x6c, 0x3c, 0x33, 0xc1, 0x04, 0xed, 0xe9, 0x3b, 0x07, 0xb3, 0x27, 0x37, - 0x33, 0x30, 0xdc, 0x85, 0x8d, 0xde, 0x84, 0xd9, 0x90, 0x44, 0x2d, 0x2f, 0x59, 0xf7, 0x9b, 0x1d, - 0x29, 0xbe, 0xdd, 0x20, 0x24, 0x35, 0xd1, 0x9c, 0x78, 0x66, 0xf2, 0xbc, 0xf5, 0x6c, 0xb9, 0xfa, - 0x93, 0xa2, 0x99, 0xb3, 0x1b, 0xf7, 0x46, 0xc7, 0x87, 0xd1, 0xb3, 0xff, 0x75, 0x01, 0x4e, 0x66, - 0x37, 0x4e, 0xf4, 0xdb, 0x16, 0x9c, 0xb8, 0x75, 0x3b, 0xd9, 0x0a, 0x76, 0x89, 0x1f, 0x57, 0x3b, - 0x54, 0xbc, 0xb1, 0x2d, 0x63, 0xfc, 0x82, 0x9b, 0xef, 0x16, 0x3d, 0x77, 0x25, 0xcd, 0xe5, 0xa2, - 0x9f, 0x44, 0x9d, 0xea, 0xe3, 0xa2, 0x77, 0x27, 0xae, 0xdc, 0xdc, 0x32, 0xa1, 0x38, 0xdb, 0xa8, - 0xb3, 0x5f, 0xb7, 0xe0, 0x74, 0x2f, 0x12, 0xe8, 0x24, 0x14, 0x77, 0x49, 0x87, 0x6b, 0x65, 0x98, - 0xfe, 0x44, 0x6f, 0x40, 0x69, 0xcf, 0x69, 0xb6, 0x89, 0xd0, 0x6e, 0x96, 0x8f, 0xd6, 0x11, 0xd5, - 0x32, 0xcc, 0xa9, 0xfe, 0x54, 0xe1, 0x25, 0xcb, 0xfe, 0xb7, 0x45, 0x18, 0x37, 0xf6, 0xb7, 0x07, - 0xa0, 0xb1, 0x05, 0x29, 0x8d, 0x6d, 0x2d, 0xb7, 0xad, 0xb9, 0xaf, 0xca, 0x76, 0x3b, 0xa3, 0xb2, - 0xad, 0xe7, 0xc7, 0xf2, 0x9e, 0x3a, 0x1b, 0x4a, 0xa0, 0x12, 0x84, 0x54, 0x23, 0xa7, 0x5b, 0xff, - 0x48, 0x1e, 0x9f, 0x70, 0x5d, 0x92, 0xab, 0x4e, 0xde, 0x39, 0x98, 0xad, 0xa8, 0xbf, 0x58, 0x33, - 0xb2, 0x7f, 0x60, 0xc1, 0x69, 0xa3, 0x8d, 0x8b, 0x81, 0x5f, 0xf3, 0xd8, 0xa7, 0x3d, 0x0f, 0x23, - 0x49, 0x27, 0x94, 0x6a, 0xbf, 0x1a, 0xa9, 0xad, 0x4e, 0x48, 0x30, 0x83, 0x50, 0x45, 0xbf, 0x45, - 0xe2, 0xd8, 0x69, 0x90, 0xac, 0xa2, 0xbf, 0xc6, 0x8b, 0xb1, 0x84, 0xa3, 0x08, 0x50, 0xd3, 0x89, - 0x93, 0xad, 0xc8, 0xf1, 0x63, 0x46, 0x7e, 0xcb, 0x6b, 0x11, 0x31, 0xc0, 0x7f, 0x61, 0xb0, 0x19, - 0x43, 0x6b, 0x54, 0x1f, 0xbb, 0x73, 0x30, 0x8b, 0x56, 0xbb, 0x28, 0xe1, 0x1e, 0xd4, 0xed, 0x5f, - 0xb5, 0xe0, 0xb1, 0xde, 0xba, 0x18, 0x7a, 0x06, 0x46, 0xb9, 0xc9, 0x27, 0x7a, 0xa7, 0x3f, 0x09, - 0x2b, 0xc5, 0x02, 0x8a, 0xe6, 0xa1, 0xa2, 0xf6, 0x09, 0xd1, 0xc7, 0x69, 0x81, 0x5a, 0xd1, 0x9b, - 0x8b, 0xc6, 0xa1, 0x83, 0x46, 0xff, 0x08, 0xcd, 0x4d, 0x0d, 0x1a, 0x33, 0x92, 0x18, 0xc4, 0xfe, - 0x33, 0x0b, 0x4e, 0x18, 0xad, 0x7a, 0x00, 0xaa, 0xb9, 0x9f, 0x56, 0xcd, 0x57, 0x72, 0x9b, 0xcf, - 0x7d, 0x74, 0xf3, 0x6f, 0x5a, 0x70, 0xd6, 0xc0, 0x5a, 0x73, 0x12, 0x77, 0xe7, 0xe2, 0x7e, 0x18, - 0x91, 0x98, 0x9a, 0xd3, 0xe8, 0x29, 0x43, 0x6e, 0x55, 0xc7, 0x05, 0x85, 0xe2, 0x55, 0xd2, 0xe1, - 0x42, 0xec, 0x39, 0x28, 0xf3, 0xc9, 0x19, 0x44, 0x62, 0xc4, 0x55, 0xdf, 0xd6, 0x45, 0x39, 0x56, - 0x18, 0xc8, 0x86, 0x51, 0x26, 0x9c, 0xe8, 0x62, 0xa5, 0xdb, 0x10, 0xd0, 0x8f, 0x78, 0x83, 0x95, - 0x60, 0x01, 0xb1, 0xef, 0x14, 0x98, 0xad, 0xa0, 0x56, 0x21, 0x79, 0x10, 0x86, 0x66, 0x94, 0x12, - 0x5b, 0x1b, 0xf9, 0xc9, 0x10, 0xd2, 0xdf, 0xd8, 0x7c, 0x2b, 0x23, 0xb9, 0x70, 0xae, 0x5c, 0xef, - 0x6d, 0x70, 0xfe, 0x5e, 0x01, 0x66, 0xd3, 0x15, 0xba, 0x04, 0x1f, 0xb5, 0x6e, 0x0c, 0x46, 0xd9, - 0xf3, 0x04, 0x03, 0x1f, 0x9b, 0x78, 0x7d, 0x64, 0x47, 0xe1, 0x38, 0x65, 0x87, 0x29, 0xda, 0x8a, - 0x87, 0x88, 0xb6, 0x67, 0xd4, 0xa8, 0x8f, 0x64, 0x64, 0x49, 0x5a, 0xbc, 0x9f, 0x87, 0x91, 0x38, - 0x21, 0xe1, 0x4c, 0x29, 0x2d, 0x1a, 0x36, 0x13, 0x12, 0x62, 0x06, 0xb1, 0xff, 0x5b, 0x01, 0x1e, - 0x4f, 0x8f, 0xa1, 0x96, 0xc6, 0x9f, 0x4c, 0x49, 0xe3, 0x8f, 0x9a, 0xd2, 0xf8, 0xee, 0xc1, 0xec, - 0x87, 0xfb, 0x54, 0xfb, 0x91, 0x11, 0xd6, 0x68, 0x39, 0x33, 0x8a, 0xf3, 0xe9, 0x51, 0xbc, 0x7b, - 0x30, 0xfb, 0x54, 0x9f, 0x3e, 0x66, 0x86, 0xf9, 0x19, 0x18, 0x8d, 0x88, 0x13, 0x07, 0xbe, 0x18, - 0x68, 0xf5, 0x39, 0x30, 0x2b, 0xc5, 0x02, 0x6a, 0xff, 0x59, 0x39, 0x3b, 0xd8, 0xcb, 0xfc, 0x3c, - 0x2c, 0x88, 0x90, 0x07, 0x23, 0x4c, 0xc3, 0xe6, 0xa2, 0xe1, 0xea, 0xd1, 0x96, 0x11, 0x95, 0xc8, - 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x2d, 0xc2, 0x8c, 0x05, 0xda, 0x87, 0xb2, 0x2b, 0x15, 0xdf, - 0x42, 0x1e, 0x47, 0x44, 0x42, 0xed, 0xd5, 0x1c, 0x27, 0xa8, 0xe8, 0x54, 0xda, 0xb2, 0xe2, 0x86, - 0x08, 0x14, 0x1b, 0x5e, 0x22, 0x3e, 0xeb, 0x11, 0x4d, 0x9b, 0x65, 0xcf, 0xe8, 0xe2, 0x18, 0x95, - 0xe7, 0xcb, 0x5e, 0x82, 0x29, 0x7d, 0xf4, 0x55, 0x0b, 0xc6, 0x63, 0xb7, 0xb5, 0x11, 0x05, 0x7b, - 0x5e, 0x8d, 0x44, 0x42, 0xb1, 0x39, 0xa2, 0x68, 0xda, 0x5c, 0x5c, 0x93, 0x04, 0x35, 0x5f, 0x6e, - 0x6a, 0x6a, 0x08, 0x36, 0xf9, 0x52, 0x85, 0xff, 0x71, 0xd1, 0xf7, 0x25, 0xe2, 0x7a, 0x74, 0x2b, - 0x92, 0xf6, 0x0d, 0x9b, 0x29, 0x47, 0x56, 0xf4, 0x96, 0xda, 0xee, 0x2e, 0x5d, 0x6f, 0xba, 0x41, - 0x1f, 0xbe, 0x73, 0x30, 0xfb, 0xf8, 0x62, 0x6f, 0x9e, 0xb8, 0x5f, 0x63, 0xd8, 0x80, 0x85, 0xed, - 0x66, 0x13, 0x93, 0x37, 0xdb, 0x84, 0x9d, 0x5e, 0xe4, 0x30, 0x60, 0x1b, 0x9a, 0x60, 0x66, 0xc0, - 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0x37, 0x61, 0xb4, 0xe5, 0x24, 0x91, 0xb7, 0x2f, 0x8e, 0x2c, 0x8e, - 0xa8, 0x7a, 0xaf, 0x31, 0x5a, 0x9a, 0x39, 0xdb, 0xa9, 0x79, 0x21, 0x16, 0x8c, 0x50, 0x0b, 0x4a, - 0x2d, 0x12, 0x35, 0xc8, 0x4c, 0x39, 0x8f, 0xe3, 0xd9, 0x35, 0x4a, 0x4a, 0x33, 0xac, 0x50, 0x45, - 0x85, 0x95, 0x61, 0xce, 0x05, 0xbd, 0x01, 0xe5, 0x98, 0x34, 0x89, 0x4b, 0x55, 0x8d, 0x0a, 0xe3, - 0xf8, 0xb1, 0x01, 0xd5, 0x2e, 0x67, 0x9b, 0x34, 0x37, 0x45, 0x55, 0xbe, 0xc0, 0xe4, 0x3f, 0xac, - 0x48, 0xda, 0xff, 0xd9, 0x02, 0x94, 0x96, 0x30, 0x0f, 0x40, 0xd9, 0x7b, 0x33, 0xad, 0xec, 0xad, - 0xe6, 0xa9, 0x02, 0xf4, 0xd1, 0xf7, 0xde, 0x2b, 0x43, 0x46, 0x36, 0x5f, 0x23, 0x71, 0x42, 0x6a, - 0x1f, 0xc8, 0xd3, 0x0f, 0xe4, 0xe9, 0x07, 0xf2, 0x54, 0xc9, 0xd3, 0xed, 0x8c, 0x3c, 0x7d, 0xc5, - 0x58, 0xf5, 0xfa, 0xb2, 0xf1, 0xb3, 0xea, 0x36, 0xd2, 0x6c, 0x81, 0x81, 0x40, 0x25, 0xc1, 0x95, - 0xcd, 0xf5, 0x6b, 0x3d, 0x05, 0xe8, 0x67, 0xd3, 0x02, 0xf4, 0xa8, 0x2c, 0x1e, 0xb8, 0xc8, 0xfc, - 0x1b, 0x05, 0x78, 0x22, 0x2d, 0x4a, 0x70, 0xd0, 0x6c, 0x06, 0xed, 0x84, 0x6a, 0xc9, 0xe8, 0xd7, - 0x2d, 0x38, 0xd9, 0x4a, 0x5b, 0x93, 0xb1, 0x38, 0xb4, 0xfb, 0x54, 0x6e, 0x72, 0x2e, 0x63, 0xae, - 0x56, 0x67, 0x84, 0xcc, 0x3b, 0x99, 0x01, 0xc4, 0xb8, 0xab, 0x2d, 0xe8, 0x0d, 0xa8, 0xb4, 0x9c, - 0xfd, 0xeb, 0x61, 0xcd, 0x49, 0xa4, 0x81, 0xd2, 0xdf, 0xae, 0x6c, 0x27, 0x5e, 0x73, 0x8e, 0x5f, - 0xc5, 0xce, 0xad, 0xf8, 0xc9, 0x7a, 0xb4, 0x99, 0x44, 0x9e, 0xdf, 0xe0, 0x47, 0x35, 0x6b, 0x92, - 0x0c, 0xd6, 0x14, 0xed, 0xbf, 0x65, 0x65, 0x05, 0xad, 0x1a, 0x9d, 0xc8, 0x49, 0x48, 0xa3, 0x83, - 0x3e, 0x0f, 0x25, 0x6a, 0x49, 0xc8, 0x51, 0xb9, 0x99, 0xa7, 0xf4, 0x37, 0xbe, 0x84, 0xde, 0x08, - 0xe8, 0xbf, 0x18, 0x73, 0xa6, 0xf6, 0x9d, 0x91, 0xec, 0x86, 0xc7, 0x2e, 0xe6, 0x2e, 0x00, 0x34, - 0x82, 0x2d, 0xd2, 0x0a, 0x9b, 0x74, 0x58, 0x2c, 0x76, 0xba, 0xab, 0x8c, 0xe7, 0x65, 0x05, 0xc1, - 0x06, 0x16, 0xfa, 0x2b, 0x16, 0x40, 0x43, 0x2e, 0x2c, 0xb9, 0x99, 0x5d, 0xcf, 0xb3, 0x3b, 0x7a, - 0xd9, 0xea, 0xb6, 0x28, 0x86, 0xd8, 0x60, 0x8e, 0xbe, 0x6c, 0x41, 0x39, 0x91, 0xcd, 0xe7, 0xe2, - 0x7d, 0x2b, 0xcf, 0x96, 0xc8, 0x4e, 0xeb, 0x7d, 0x5d, 0x0d, 0x89, 0xe2, 0x8b, 0x7e, 0xd9, 0x02, - 0x88, 0x3b, 0xbe, 0xbb, 0x11, 0x34, 0x3d, 0xb7, 0x23, 0xa4, 0xfe, 0x8d, 0x5c, 0x0d, 0x7c, 0x45, - 0xbd, 0x3a, 0x45, 0x47, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x05, 0x28, 0xc7, 0x62, 0xba, 0x09, - 0x39, 0xbf, 0x95, 0xef, 0x31, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xfb, 0x7b, - 0x85, 0xd4, 0x79, 0xa5, 0x3a, 0x99, 0x60, 0x53, 0xc6, 0x95, 0x46, 0xa1, 0x5c, 0x01, 0xb9, 0x4e, - 0x19, 0x65, 0x72, 0xea, 0x29, 0xa3, 0x8a, 0x62, 0x6c, 0x30, 0xa7, 0x9b, 0xe3, 0xb4, 0x93, 0x3d, - 0xff, 0x10, 0xb3, 0xf8, 0x8d, 0x3c, 0x9b, 0xd4, 0x7d, 0xba, 0xfc, 0x84, 0x68, 0xda, 0x74, 0x17, - 0x08, 0x77, 0x37, 0xc9, 0xfe, 0x5e, 0xfa, 0x8c, 0xd4, 0xf8, 0x00, 0x03, 0x9c, 0xff, 0x7e, 0xcb, - 0x82, 0xf1, 0x28, 0x68, 0x36, 0x3d, 0xbf, 0x41, 0x27, 0x8b, 0x90, 0x78, 0xaf, 0x1f, 0x8b, 0xd0, - 0x11, 0xb3, 0x82, 0x6d, 0xb1, 0x58, 0xf3, 0xc4, 0x66, 0x03, 0xec, 0x2f, 0x59, 0x30, 0xd3, 0x6f, - 0x52, 0x23, 0x02, 0x1f, 0xa6, 0x92, 0x9a, 0x6e, 0x7c, 0xea, 0xf6, 0x73, 0xdd, 0x5f, 0x22, 0x4d, - 0xa2, 0x4e, 0xa3, 0xca, 0xd5, 0xa7, 0x45, 0x37, 0x3f, 0xbc, 0xd1, 0x1f, 0x15, 0xdf, 0x8b, 0x8e, - 0xfd, 0x5b, 0x85, 0xec, 0x88, 0x2a, 0xa1, 0xf6, 0x1d, 0xab, 0x4b, 0xf5, 0xff, 0xd4, 0x71, 0x08, - 0x12, 0x66, 0x24, 0xa8, 0x4b, 0xd0, 0xfe, 0x38, 0x0f, 0xf1, 0x96, 0xc5, 0xfe, 0x37, 0x23, 0x70, - 0x8f, 0x96, 0xa9, 0x73, 0x74, 0xab, 0xdf, 0x39, 0xfa, 0xf0, 0x47, 0xf3, 0xdf, 0xb0, 0x60, 0xb4, - 0x49, 0xb5, 0x10, 0x7e, 0x56, 0x3c, 0x7e, 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0x95, 0x9d, 0x98, 0xdf, - 0xf4, 0xa9, 0xf3, 0x27, 0x5e, 0x88, 0x45, 0x1b, 0xd0, 0x77, 0x2d, 0x18, 0x77, 0x7c, 0x3f, 0x48, - 0x84, 0xeb, 0x09, 0x77, 0xdd, 0xf0, 0x8e, 0xad, 0x4d, 0x0b, 0x9a, 0x17, 0x6f, 0x98, 0x3e, 0x78, - 0xd5, 0x10, 0x6c, 0x36, 0x09, 0xcd, 0x01, 0xd4, 0x3d, 0xdf, 0x69, 0x7a, 0x6f, 0x51, 0x6b, 0xaa, - 0xc4, 0x0e, 0xd8, 0xd9, 0xd6, 0x70, 0x49, 0x95, 0x62, 0x03, 0xe3, 0xec, 0x5f, 0x86, 0x71, 0xa3, - 0xe7, 0x3d, 0x2e, 0x28, 0x4f, 0x9b, 0x17, 0x94, 0x15, 0xe3, 0x5e, 0xf1, 0xec, 0x2b, 0x70, 0x32, - 0xdb, 0xc0, 0x61, 0xea, 0xdb, 0xbf, 0x3d, 0x9a, 0x3d, 0x7e, 0xde, 0x22, 0x51, 0x8b, 0x36, 0xed, - 0x03, 0x2b, 0xf4, 0x03, 0x2b, 0xf4, 0x03, 0x2b, 0x54, 0xfe, 0xb1, 0xef, 0x94, 0x20, 0xa5, 0x19, - 0xf0, 0xd6, 0x7d, 0x04, 0xc6, 0x22, 0x12, 0x06, 0xd7, 0xf1, 0xaa, 0x90, 0xb8, 0xda, 0x65, 0x93, - 0x17, 0x63, 0x09, 0xa7, 0x92, 0x39, 0x74, 0x92, 0x1d, 0x21, 0x72, 0x95, 0x64, 0xde, 0x70, 0x92, - 0x1d, 0xcc, 0x20, 0xe8, 0x15, 0x98, 0x4a, 0x9c, 0xa8, 0x41, 0x12, 0x4c, 0xf6, 0xd8, 0x20, 0x88, - 0x23, 0xfd, 0xc7, 0x04, 0xee, 0xd4, 0x56, 0x0a, 0x8a, 0x33, 0xd8, 0xe8, 0x4d, 0x18, 0xd9, 0x21, - 0xcd, 0x96, 0x30, 0x93, 0x37, 0xf3, 0x93, 0x88, 0xac, 0xaf, 0x97, 0x49, 0xb3, 0xc5, 0xd7, 0x2b, - 0xfd, 0x85, 0x19, 0x2b, 0xfa, 0x75, 0x2a, 0xbb, 0xed, 0x38, 0x09, 0x5a, 0xde, 0x5b, 0xd2, 0x78, - 0xfe, 0x54, 0xce, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc, 0xc2, 0x53, 0x7f, 0xb1, 0xe6, 0xcc, 0xda, 0x51, - 0xf3, 0x22, 0x66, 0x0c, 0x77, 0x66, 0xe0, 0x58, 0xda, 0xb1, 0x24, 0xe9, 0xf3, 0x76, 0xa8, 0xbf, - 0x58, 0x73, 0x46, 0x1d, 0x18, 0x0d, 0x9b, 0xed, 0x86, 0xe7, 0xcf, 0x8c, 0xb3, 0x36, 0x5c, 0xcf, - 0xb9, 0x0d, 0x1b, 0x8c, 0x38, 0x3f, 0xc2, 0xe0, 0xbf, 0xb1, 0x60, 0x88, 0x9e, 0x86, 0x92, 0xbb, - 0xe3, 0x44, 0xc9, 0xcc, 0x04, 0x9b, 0x34, 0xca, 0xd2, 0x5c, 0xa4, 0x85, 0x98, 0xc3, 0xd0, 0x53, - 0x50, 0x8c, 0x48, 0x9d, 0x79, 0x0a, 0x19, 0x77, 0xc8, 0x98, 0xd4, 0x31, 0x2d, 0xb7, 0xff, 0x4e, - 0x21, 0xad, 0x5c, 0xa4, 0xfb, 0xcd, 0x67, 0xbb, 0xdb, 0x8e, 0x62, 0x69, 0x8d, 0x1a, 0xb3, 0x9d, - 0x15, 0x63, 0x09, 0x47, 0x5f, 0xb2, 0x60, 0xec, 0x56, 0x1c, 0xf8, 0x3e, 0x49, 0x84, 0x20, 0xbf, - 0x91, 0xf3, 0x50, 0x5c, 0xe1, 0xd4, 0x75, 0x1b, 0x44, 0x01, 0x96, 0x7c, 0x69, 0x73, 0xc9, 0xbe, - 0xdb, 0x6c, 0xd7, 0xba, 0xee, 0x22, 0x2f, 0xf2, 0x62, 0x2c, 0xe1, 0x14, 0xd5, 0xf3, 0x39, 0xea, - 0x48, 0x1a, 0x75, 0xc5, 0x17, 0xa8, 0x02, 0x6e, 0xff, 0x6e, 0x09, 0xce, 0xf4, 0x5c, 0x1c, 0x74, - 0xdb, 0x67, 0x1b, 0xeb, 0x25, 0xaf, 0x49, 0xa4, 0x1f, 0x2d, 0xdb, 0xf6, 0x6f, 0xa8, 0x52, 0x6c, - 0x60, 0xa0, 0x5f, 0x04, 0x08, 0x9d, 0xc8, 0x69, 0x11, 0xb1, 0xdd, 0x15, 0x8f, 0xbe, 0xbb, 0xd2, - 0x76, 0x6c, 0x48, 0x9a, 0xda, 0xda, 0x52, 0x45, 0x31, 0x36, 0x58, 0xa2, 0x8f, 0xc3, 0x78, 0x44, - 0x9a, 0xc4, 0x89, 0x99, 0xa3, 0x59, 0xd6, 0x6b, 0x16, 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0x33, 0xca, - 0x77, 0x20, 0x73, 0x71, 0x9b, 0xf6, 0x1f, 0x40, 0x6f, 0x5b, 0x30, 0x55, 0xf7, 0x9a, 0x44, 0x73, - 0x17, 0x3e, 0xae, 0xeb, 0x47, 0xef, 0xe4, 0x25, 0x93, 0xae, 0x96, 0x90, 0xa9, 0xe2, 0x18, 0x67, - 0xd8, 0xd3, 0xcf, 0xbc, 0x47, 0x22, 0x26, 0x5a, 0x47, 0xd3, 0x9f, 0xf9, 0x06, 0x2f, 0xc6, 0x12, - 0x8e, 0x16, 0xe0, 0x44, 0xe8, 0xc4, 0xf1, 0x62, 0x44, 0x6a, 0xc4, 0x4f, 0x3c, 0xa7, 0xc9, 0x3d, - 0x50, 0xcb, 0xda, 0x03, 0x6d, 0x23, 0x0d, 0xc6, 0x59, 0x7c, 0xf4, 0x69, 0x78, 0xdc, 0x6b, 0xf8, - 0x41, 0x44, 0xd6, 0xbc, 0x38, 0xf6, 0xfc, 0x86, 0x9e, 0x06, 0x4c, 0x52, 0x96, 0xab, 0xb3, 0x82, - 0xd4, 0xe3, 0x2b, 0xbd, 0xd1, 0x70, 0xbf, 0xfa, 0xe8, 0x39, 0x28, 0xc7, 0xbb, 0x5e, 0xb8, 0x18, - 0xd5, 0x62, 0x76, 0x9c, 0x58, 0xd6, 0x67, 0x20, 0x9b, 0xa2, 0x1c, 0x2b, 0x0c, 0xfb, 0xd7, 0x0a, - 0x69, 0xf3, 0xce, 0x5c, 0x3f, 0x28, 0xa6, 0xab, 0x24, 0xb9, 0xe1, 0x44, 0xd2, 0xf4, 0x3f, 0xa2, - 0x0f, 0xab, 0xa0, 0x7b, 0xc3, 0x89, 0xcc, 0xf5, 0xc6, 0x18, 0x60, 0xc9, 0x09, 0xdd, 0x82, 0x91, - 0xa4, 0xe9, 0xe4, 0xe4, 0xf4, 0x6e, 0x70, 0xd4, 0xd6, 0xf6, 0xea, 0x42, 0x8c, 0x19, 0x0f, 0xf4, - 0x24, 0x55, 0x5f, 0xb7, 0xa5, 0xa3, 0x8b, 0xd0, 0x38, 0xb7, 0x63, 0xcc, 0x4a, 0xed, 0xff, 0x31, - 0xda, 0x43, 0xe4, 0xa9, 0x3d, 0x06, 0x5d, 0x00, 0xa0, 0x96, 0xd0, 0x46, 0x44, 0xea, 0xde, 0xbe, - 0xd8, 0xe3, 0xd5, 0xb2, 0xba, 0xa6, 0x20, 0xd8, 0xc0, 0x92, 0x75, 0x36, 0xdb, 0x75, 0x5a, 0xa7, - 0xd0, 0x5d, 0x87, 0x43, 0xb0, 0x81, 0x85, 0x5e, 0x84, 0x51, 0xaf, 0xe5, 0x34, 0x94, 0x3f, 0xce, - 0x93, 0x74, 0x3d, 0xad, 0xb0, 0x92, 0xbb, 0x07, 0xb3, 0x53, 0xaa, 0x41, 0xac, 0x08, 0x0b, 0x5c, - 0xf4, 0x5b, 0x16, 0x4c, 0xb8, 0x41, 0xab, 0x15, 0xf8, 0xdc, 0x7e, 0x10, 0xc6, 0xd0, 0xad, 0xe3, - 0xda, 0x81, 0xe7, 0x16, 0x0d, 0x66, 0xdc, 0x1a, 0x52, 0xde, 0xf9, 0x26, 0x08, 0xa7, 0x5a, 0x65, - 0x2e, 0xbb, 0xd2, 0x21, 0xcb, 0xee, 0x9f, 0x58, 0x30, 0xcd, 0xeb, 0x1a, 0x66, 0x8d, 0x70, 0x44, - 0x0f, 0x8e, 0xb9, 0x5b, 0x5d, 0x96, 0x9e, 0x3a, 0x12, 0xea, 0x82, 0xe3, 0xee, 0x46, 0xa2, 0x65, - 0x98, 0xae, 0x07, 0x91, 0x4b, 0xcc, 0x81, 0x10, 0x32, 0x43, 0x11, 0xba, 0x94, 0x45, 0xc0, 0xdd, - 0x75, 0xd0, 0x0d, 0x78, 0xcc, 0x28, 0x34, 0xc7, 0x81, 0x8b, 0x8d, 0x73, 0x82, 0xda, 0x63, 0x97, - 0x7a, 0x62, 0xe1, 0x3e, 0xb5, 0xcf, 0x7e, 0x12, 0xa6, 0xbb, 0xbe, 0xdf, 0x50, 0xc6, 0xe6, 0x12, - 0x3c, 0xd6, 0x7b, 0xa4, 0x86, 0x32, 0x39, 0xff, 0x51, 0xc6, 0x5b, 0xc7, 0x50, 0x6c, 0x06, 0x38, - 0xbe, 0x70, 0xa0, 0x48, 0xfc, 0x3d, 0x21, 0x38, 0x2e, 0x1d, 0x6d, 0x46, 0x5c, 0xf4, 0xf7, 0xf8, - 0x87, 0x66, 0x36, 0xda, 0x45, 0x7f, 0x0f, 0x53, 0xda, 0xe8, 0x1d, 0x2b, 0xb5, 0x31, 0xf3, 0x43, - 0x8f, 0xcf, 0x1c, 0x8b, 0x26, 0x37, 0xf0, 0x5e, 0x6d, 0x7f, 0xaf, 0x00, 0xe7, 0x0f, 0x23, 0x32, - 0xc0, 0xf0, 0x3d, 0x0d, 0xa3, 0x31, 0xbb, 0x2e, 0x11, 0x2b, 0x71, 0x9c, 0xae, 0x42, 0x7e, 0x81, - 0xf2, 0x59, 0x2c, 0x40, 0xe8, 0x97, 0x2d, 0x28, 0xb6, 0x9c, 0x50, 0xf4, 0xbc, 0x71, 0xbc, 0x3d, - 0x9f, 0x5b, 0x73, 0x42, 0xfe, 0x15, 0x94, 0x3e, 0xba, 0xe6, 0x84, 0x98, 0x36, 0x00, 0xcd, 0x42, - 0xc9, 0x89, 0x22, 0xa7, 0xc3, 0xe4, 0x5a, 0x85, 0x5f, 0xab, 0x2d, 0xd0, 0x02, 0xcc, 0xcb, 0xcf, - 0x7e, 0x02, 0xca, 0xb2, 0xfa, 0x50, 0x73, 0xf0, 0x1b, 0x63, 0x29, 0x67, 0x52, 0x76, 0xdd, 0x12, - 0xc3, 0xa8, 0x30, 0x80, 0xad, 0xbc, 0xfd, 0x97, 0x79, 0x34, 0x00, 0xd3, 0xda, 0x45, 0x4c, 0x95, - 0x60, 0x85, 0xbe, 0x6e, 0xb1, 0xc8, 0x25, 0xe9, 0x60, 0x2b, 0x74, 0xe5, 0xe3, 0x09, 0xa4, 0x32, - 0xe3, 0xa1, 0x64, 0x21, 0x36, 0xb9, 0x53, 0x41, 0x1d, 0x72, 0x1f, 0xfc, 0xac, 0xc6, 0x2c, 0x63, - 0x9b, 0x24, 0x1c, 0xed, 0xf7, 0xb8, 0x56, 0xc9, 0x21, 0xfa, 0x65, 0x80, 0x8b, 0x94, 0xef, 0x5a, - 0x30, 0xcd, 0xf5, 0xa2, 0x25, 0xaf, 0x5e, 0x27, 0x11, 0xf1, 0x5d, 0x22, 0x35, 0xcb, 0x23, 0x5e, - 0xdc, 0xc9, 0x53, 0x87, 0x95, 0x2c, 0x79, 0x2d, 0xc1, 0xbb, 0x40, 0xb8, 0xbb, 0x31, 0xa8, 0x06, - 0x23, 0x9e, 0x5f, 0x0f, 0xc4, 0xbe, 0x55, 0x3d, 0x5a, 0xa3, 0x56, 0xfc, 0x7a, 0xa0, 0xd7, 0x32, - 0xfd, 0x87, 0x19, 0x75, 0xb4, 0x0a, 0xa7, 0x23, 0x61, 0xfb, 0x5f, 0xf6, 0x62, 0x6a, 0xa1, 0xad, - 0x7a, 0x2d, 0x2f, 0x61, 0x7b, 0x4e, 0xb1, 0x3a, 0x73, 0xe7, 0x60, 0xf6, 0x34, 0xee, 0x01, 0xc7, - 0x3d, 0x6b, 0xa1, 0xb7, 0x60, 0x4c, 0x86, 0x5a, 0x95, 0xf3, 0xd0, 0xd2, 0xbb, 0xe7, 0xbf, 0x9a, - 0x4c, 0x9b, 0x22, 0xaa, 0x4a, 0x32, 0xb4, 0xff, 0x25, 0x40, 0xf7, 0xb5, 0x0b, 0xfa, 0x05, 0xa8, - 0x44, 0x2a, 0xfc, 0xcb, 0xca, 0xc3, 0x2d, 0x47, 0x7e, 0x5f, 0x71, 0xe5, 0xa3, 0xce, 0xbd, 0x75, - 0xa0, 0x97, 0xe6, 0x48, 0x75, 0xd4, 0x58, 0xdf, 0xce, 0xe4, 0x30, 0xb7, 0x05, 0x57, 0x7d, 0xaa, - 0xdf, 0xf1, 0x5d, 0xcc, 0x78, 0xa0, 0x08, 0x46, 0x77, 0x88, 0xd3, 0x4c, 0x76, 0xf2, 0x39, 0x80, - 0xbc, 0xcc, 0x68, 0x65, 0x3d, 0x8f, 0x79, 0x29, 0x16, 0x9c, 0xd0, 0x3e, 0x8c, 0xed, 0xf0, 0x09, - 0x20, 0xd4, 0xc6, 0xb5, 0xa3, 0x0e, 0x6e, 0x6a, 0x56, 0xe9, 0xcf, 0x2d, 0x0a, 0xb0, 0x64, 0xc7, - 0xee, 0x64, 0x8d, 0x1b, 0x47, 0xbe, 0x74, 0xf3, 0x73, 0xba, 0x1e, 0xfc, 0xba, 0xf1, 0x73, 0x30, - 0x11, 0x11, 0x37, 0xf0, 0x5d, 0xaf, 0x49, 0x6a, 0x0b, 0xf2, 0x70, 0x71, 0x18, 0x57, 0xdd, 0x93, - 0x54, 0xf5, 0xc5, 0x06, 0x0d, 0x9c, 0xa2, 0x88, 0xbe, 0x66, 0xc1, 0x94, 0x8a, 0x19, 0xa1, 0x1f, - 0x84, 0x88, 0xe3, 0xb9, 0xd5, 0x9c, 0x22, 0x54, 0x18, 0xcd, 0x2a, 0xa2, 0xc6, 0x6f, 0xba, 0x0c, - 0x67, 0xf8, 0xa2, 0xd7, 0x00, 0x82, 0x6d, 0x76, 0xfd, 0x46, 0xbb, 0x5a, 0x1e, 0xba, 0xab, 0x53, - 0xdc, 0x67, 0x5f, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x15, 0x80, 0x2f, 0x9b, 0xad, 0x4e, 0x48, 0x98, - 0x45, 0xaa, 0x7d, 0xad, 0x61, 0x53, 0x41, 0xee, 0x1e, 0xcc, 0x76, 0x9f, 0x9d, 0xb0, 0x8b, 0x51, - 0xa3, 0x3a, 0xfa, 0x79, 0x18, 0x8b, 0xdb, 0xad, 0x96, 0xa3, 0x4e, 0xf2, 0x72, 0x8c, 0x02, 0xe0, - 0x74, 0x0d, 0x51, 0xc4, 0x0b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0xa1, 0x1a, 0x8b, 0x43, 0x1d, 0xb6, - 0x8a, 0xb8, 0x4e, 0x30, 0xce, 0xfa, 0xf4, 0x09, 0x51, 0xef, 0x34, 0xee, 0x81, 0x73, 0xf7, 0x60, - 0xf6, 0xb1, 0x74, 0xf9, 0x6a, 0x20, 0xfc, 0xf2, 0x7b, 0xd2, 0x44, 0x57, 0x64, 0xe4, 0x35, 0xed, - 0xb6, 0x0c, 0x08, 0x7c, 0x56, 0x47, 0x5e, 0xb3, 0xe2, 0xfe, 0x63, 0x66, 0x56, 0xb6, 0xfd, 0xb4, - 0x0b, 0x89, 0xe8, 0xcd, 0x8b, 0x30, 0x41, 0xf6, 0x13, 0x12, 0xf9, 0x4e, 0xf3, 0x3a, 0x5e, 0x95, - 0x87, 0x52, 0x6c, 0xd2, 0x5e, 0x34, 0xca, 0x71, 0x0a, 0x0b, 0xd9, 0xca, 0x18, 0x2d, 0xe8, 0xe0, - 0x10, 0x6e, 0x8c, 0x4a, 0xd3, 0xd3, 0xfe, 0xbf, 0x85, 0x94, 0x06, 0xb5, 0x15, 0x11, 0x82, 0x02, - 0x28, 0xf9, 0x41, 0x4d, 0x09, 0xeb, 0x2b, 0xf9, 0x08, 0xeb, 0x6b, 0x41, 0xcd, 0x88, 0xa7, 0xa6, - 0xff, 0x62, 0xcc, 0xf9, 0xb0, 0x80, 0x53, 0x19, 0x99, 0xcb, 0x00, 0xc2, 0x2e, 0xc8, 0x93, 0xb3, - 0x0a, 0x38, 0x5d, 0x37, 0x19, 0xe1, 0x34, 0x5f, 0xb4, 0x0b, 0xa5, 0x9d, 0x20, 0x4e, 0xa4, 0xb5, - 0x70, 0x44, 0xc3, 0xe4, 0x72, 0x10, 0x27, 0x6c, 0xdb, 0x57, 0xdd, 0xa6, 0x25, 0x31, 0xe6, 0x3c, - 0xec, 0xff, 0x62, 0xa5, 0x8e, 0x20, 0x6f, 0x32, 0x77, 0xaa, 0x3d, 0xe2, 0xd3, 0x75, 0x68, 0xfa, - 0x1e, 0xfc, 0xa5, 0x4c, 0xb4, 0xc3, 0x4f, 0xf6, 0xcb, 0x6e, 0x71, 0x9b, 0x52, 0x98, 0x63, 0x24, - 0x0c, 0x37, 0x85, 0x2f, 0x5a, 0xe9, 0xb8, 0x13, 0xbe, 0x11, 0xe6, 0x18, 0x06, 0x75, 0x68, 0x08, - 0x8b, 0xfd, 0x8e, 0x05, 0x63, 0x55, 0xc7, 0xdd, 0x0d, 0xea, 0x75, 0xf4, 0x1c, 0x94, 0x6b, 0xed, - 0xc8, 0x0c, 0x81, 0x51, 0x67, 0x5e, 0x4b, 0xa2, 0x1c, 0x2b, 0x0c, 0x3a, 0x87, 0xeb, 0x8e, 0x2b, - 0x83, 0xa1, 0x8a, 0x7c, 0x0e, 0x5f, 0x62, 0x25, 0x58, 0x40, 0xd0, 0xc7, 0x61, 0xbc, 0xe5, 0xec, - 0xcb, 0xca, 0xd9, 0xf3, 0xcf, 0x35, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0xaf, 0x2c, 0x98, 0xa9, 0x3a, - 0xb1, 0xe7, 0x2e, 0xb4, 0x93, 0x9d, 0xaa, 0x97, 0x6c, 0xb7, 0xdd, 0x5d, 0x92, 0xf0, 0x08, 0x38, - 0xda, 0xca, 0x76, 0x4c, 0x97, 0x92, 0x32, 0xc3, 0x54, 0x2b, 0xaf, 0x8b, 0x72, 0xac, 0x30, 0xd0, - 0x5b, 0x30, 0x1e, 0x3a, 0x71, 0x7c, 0x3b, 0x88, 0x6a, 0x98, 0xd4, 0xf3, 0x89, 0x3f, 0xdd, 0x24, - 0x6e, 0x44, 0x12, 0x4c, 0xea, 0xe2, 0x46, 0x4b, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0xf7, 0x2a, 0x30, - 0x26, 0xae, 0xe3, 0x06, 0x8e, 0xeb, 0x93, 0x06, 0x66, 0xa1, 0xaf, 0x81, 0x19, 0xc3, 0xa8, 0xcb, - 0xb2, 0xa0, 0x08, 0x4d, 0xe6, 0x6a, 0x2e, 0xf7, 0xb7, 0x3c, 0xb1, 0x8a, 0x6e, 0x16, 0xff, 0x8f, - 0x05, 0x2b, 0xf4, 0x6d, 0x0b, 0x4e, 0xb8, 0x81, 0xef, 0x13, 0x57, 0x6f, 0xb3, 0x23, 0x79, 0x78, - 0x64, 0x2c, 0xa6, 0x89, 0xea, 0xc3, 0xdf, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x97, 0x61, 0x92, 0x8f, - 0xd9, 0x8d, 0xd4, 0xc9, 0x97, 0x0e, 0x5f, 0x37, 0x81, 0x38, 0x8d, 0x8b, 0xe6, 0xf8, 0x09, 0xa2, - 0x08, 0x14, 0x1f, 0xd5, 0x37, 0x09, 0x46, 0x88, 0xb8, 0x81, 0x81, 0x22, 0x40, 0x11, 0xa9, 0x47, - 0x24, 0xde, 0x11, 0xd7, 0x95, 0x6c, 0x8b, 0x1f, 0xbb, 0xbf, 0xc0, 0x23, 0xdc, 0x45, 0x09, 0xf7, - 0xa0, 0x8e, 0x76, 0x85, 0x8d, 0x53, 0xce, 0x43, 0x2a, 0x88, 0xcf, 0xdc, 0xd7, 0xd4, 0x99, 0x85, - 0x52, 0xbc, 0xe3, 0x44, 0x35, 0xa6, 0x5a, 0x14, 0xf9, 0x41, 0xc0, 0x26, 0x2d, 0xc0, 0xbc, 0x1c, - 0x2d, 0xc1, 0xc9, 0x4c, 0xf0, 0x7d, 0xcc, 0x94, 0x87, 0xb2, 0xf6, 0x43, 0xcd, 0x84, 0xed, 0xc7, - 0xb8, 0xab, 0x86, 0x69, 0xff, 0x8e, 0x1f, 0x62, 0xff, 0x76, 0x94, 0x53, 0xcc, 0x04, 0x93, 0xf8, - 0xaf, 0xe6, 0x32, 0x00, 0x03, 0x79, 0xc0, 0x7c, 0x33, 0xe3, 0x01, 0x33, 0xc9, 0x1a, 0x70, 0x23, - 0x9f, 0x06, 0x0c, 0xef, 0xee, 0xf2, 0x30, 0xdd, 0x57, 0xfe, 0x8f, 0x05, 0xf2, 0xbb, 0x2e, 0x3a, - 0xee, 0x0e, 0xa1, 0x53, 0x06, 0xbd, 0x02, 0x53, 0xca, 0x8a, 0x5b, 0x0c, 0xda, 0x3e, 0xf7, 0x5c, - 0x29, 0xea, 0x5b, 0x22, 0x9c, 0x82, 0xe2, 0x0c, 0x36, 0x9a, 0x87, 0x0a, 0x1d, 0x27, 0x5e, 0x95, - 0xef, 0x1e, 0xca, 0x52, 0x5c, 0xd8, 0x58, 0x11, 0xb5, 0x34, 0x0e, 0x0a, 0x60, 0xba, 0xe9, 0xc4, - 0x09, 0x6b, 0x01, 0x35, 0xea, 0xee, 0x33, 0xec, 0x8f, 0xe5, 0x1e, 0x59, 0xcd, 0x12, 0xc2, 0xdd, - 0xb4, 0xed, 0x1f, 0x8c, 0xc0, 0x64, 0x4a, 0x32, 0x0e, 0xb9, 0xed, 0x3c, 0x07, 0x65, 0xb9, 0x13, - 0x64, 0x63, 0x85, 0xd5, 0x76, 0xa1, 0x30, 0xe8, 0x36, 0xb9, 0x4d, 0x9c, 0x88, 0x44, 0x2c, 0xad, - 0x41, 0x76, 0x9b, 0xac, 0x6a, 0x10, 0x36, 0xf1, 0x98, 0x50, 0x4e, 0x9a, 0xf1, 0x62, 0xd3, 0x23, - 0x7e, 0xc2, 0x9b, 0x99, 0x8f, 0x50, 0xde, 0x5a, 0xdd, 0x34, 0x89, 0x6a, 0xa1, 0x9c, 0x01, 0xe0, - 0x2c, 0x7b, 0xf4, 0x15, 0x0b, 0x26, 0x9d, 0xdb, 0xb1, 0x4e, 0xd5, 0x25, 0x7c, 0x5d, 0x8e, 0xb8, - 0x49, 0xa5, 0xb2, 0x7f, 0x55, 0xa7, 0xa9, 0x78, 0x4f, 0x15, 0xe1, 0x34, 0x53, 0xf4, 0x1d, 0x0b, - 0x10, 0xd9, 0x27, 0xae, 0xf4, 0xc6, 0x11, 0x6d, 0x19, 0xcd, 0xc3, 0xd8, 0xb9, 0xd8, 0x45, 0x97, - 0x4b, 0xf5, 0xee, 0x72, 0xdc, 0xa3, 0x0d, 0xf6, 0x3f, 0x2b, 0xaa, 0x05, 0xa5, 0x1d, 0xc0, 0x1c, - 0x23, 0x78, 0xc1, 0xba, 0xff, 0xe0, 0x05, 0x7d, 0x45, 0xd9, 0x15, 0xc0, 0x90, 0xf6, 0x15, 0x2f, - 0x3c, 0x24, 0x5f, 0xf1, 0x2f, 0x5b, 0xa9, 0xa8, 0xf8, 0xf1, 0x0b, 0xaf, 0xe5, 0xeb, 0x7c, 0x36, - 0xc7, 0x2f, 0xc8, 0x33, 0xd2, 0x3d, 0x7d, 0x6b, 0x4e, 0xa5, 0xa9, 0x81, 0x36, 0x94, 0x34, 0xfc, - 0x0f, 0x45, 0x18, 0x37, 0x76, 0xd2, 0x9e, 0x6a, 0x91, 0xf5, 0x88, 0xa9, 0x45, 0x85, 0x21, 0xd4, - 0xa2, 0x5f, 0x84, 0x8a, 0x2b, 0xa5, 0x7c, 0x3e, 0x79, 0xe1, 0xb2, 0x7b, 0x87, 0x16, 0xf4, 0xaa, - 0x08, 0x6b, 0x9e, 0x68, 0x39, 0xe5, 0x9d, 0x2e, 0x76, 0x88, 0x11, 0xb6, 0x43, 0xf4, 0x72, 0x1f, - 0x17, 0x3b, 0x45, 0x77, 0x1d, 0xf4, 0x02, 0xb5, 0xac, 0x3c, 0xd1, 0x2f, 0xe9, 0x22, 0xca, 0xd4, - 0xf5, 0x85, 0x8d, 0x15, 0x59, 0x8c, 0x4d, 0x1c, 0xfb, 0x07, 0x96, 0xfa, 0xb8, 0x0f, 0x20, 0x1c, - 0xf2, 0x56, 0x3a, 0x1c, 0xf2, 0x62, 0x2e, 0xc3, 0xdc, 0x27, 0x0e, 0xf2, 0x1a, 0x8c, 0x2d, 0x06, - 0xad, 0x96, 0xe3, 0xd7, 0xd0, 0x4f, 0xc0, 0x98, 0xcb, 0x7f, 0x8a, 0xa3, 0x0a, 0x76, 0x3f, 0x25, - 0xa0, 0x58, 0xc2, 0xd0, 0x93, 0x30, 0xe2, 0x44, 0x0d, 0x79, 0x3c, 0xc1, 0xae, 0xf4, 0x17, 0xa2, - 0x46, 0x8c, 0x59, 0xa9, 0xfd, 0x76, 0x11, 0x60, 0x31, 0x68, 0x85, 0x4e, 0x44, 0x6a, 0x5b, 0x01, - 0xcb, 0x4b, 0x73, 0xac, 0xf7, 0x3a, 0xda, 0x58, 0x7a, 0x94, 0xef, 0x76, 0x8c, 0xf3, 0xfd, 0xe2, - 0x83, 0x3e, 0xdf, 0xff, 0x86, 0x05, 0x88, 0x7e, 0x91, 0xc0, 0x27, 0x7e, 0xa2, 0xaf, 0x2b, 0xe7, - 0xa1, 0xe2, 0xca, 0x52, 0xa1, 0xb5, 0xe8, 0xf5, 0x27, 0x01, 0x58, 0xe3, 0x0c, 0x60, 0x7e, 0x3e, - 0x2d, 0x85, 0x63, 0x31, 0xed, 0x05, 0xc7, 0x44, 0xaa, 0x90, 0x95, 0xf6, 0xef, 0x17, 0xe0, 0x31, - 0xbe, 0xdf, 0xad, 0x39, 0xbe, 0xd3, 0x20, 0x2d, 0xda, 0xaa, 0x41, 0x2f, 0xa0, 0x5d, 0x6a, 0xf7, - 0x78, 0xd2, 0xab, 0xed, 0xa8, 0x0b, 0x83, 0x4f, 0x68, 0x3e, 0x85, 0x57, 0x7c, 0x2f, 0xc1, 0x8c, - 0x38, 0x8a, 0xa1, 0x2c, 0xb3, 0x8c, 0x0a, 0x41, 0x97, 0x13, 0x23, 0xb5, 0xe6, 0xc5, 0xa6, 0x44, - 0xb0, 0x62, 0x44, 0xb5, 0xc2, 0x66, 0xe0, 0xee, 0x62, 0x12, 0x06, 0x4c, 0xa8, 0x19, 0x4e, 0x45, - 0xab, 0xa2, 0x1c, 0x2b, 0x0c, 0xfb, 0xf7, 0x2d, 0xc8, 0x8a, 0x7b, 0x23, 0xa5, 0x87, 0x75, 0xcf, - 0x94, 0x1e, 0x43, 0xe4, 0xd4, 0xf8, 0x39, 0x18, 0x77, 0x12, 0xba, 0x43, 0x73, 0x9b, 0xb6, 0x78, - 0x7f, 0xc7, 0xd6, 0x6b, 0x41, 0xcd, 0xab, 0x7b, 0xcc, 0x96, 0x35, 0xc9, 0xd9, 0xff, 0x6b, 0x04, - 0xa6, 0xbb, 0x3c, 0x95, 0xd1, 0x4b, 0x30, 0xe1, 0x8a, 0xe9, 0x11, 0x62, 0x52, 0x17, 0x9d, 0x31, - 0x3c, 0x5d, 0x34, 0x0c, 0xa7, 0x30, 0x07, 0x98, 0xa0, 0x2b, 0x70, 0x2a, 0xa2, 0x56, 0x74, 0x9b, - 0x2c, 0xd4, 0x13, 0x12, 0x6d, 0x12, 0x37, 0xf0, 0x6b, 0x3c, 0xf1, 0x4c, 0xb1, 0xfa, 0xf8, 0x9d, - 0x83, 0xd9, 0x53, 0xb8, 0x1b, 0x8c, 0x7b, 0xd5, 0x41, 0x21, 0x4c, 0x36, 0x4d, 0x05, 0x4b, 0x68, - 0xd7, 0xf7, 0xa5, 0x9b, 0xa9, 0x0d, 0x38, 0x55, 0x8c, 0xd3, 0x0c, 0xd2, 0x5a, 0x5a, 0xe9, 0x21, - 0x69, 0x69, 0xbf, 0xa4, 0xb5, 0x34, 0x7e, 0xbf, 0xfa, 0x7a, 0xce, 0x9e, 0xea, 0xc7, 0xad, 0xa6, - 0xbd, 0x0a, 0x65, 0xe9, 0x79, 0x32, 0x90, 0xc7, 0x86, 0x49, 0xa7, 0x8f, 0x44, 0xbb, 0x5b, 0x80, - 0x1e, 0x1a, 0x3e, 0x5d, 0x67, 0x7a, 0x3b, 0x4d, 0xad, 0xb3, 0xe1, 0xb6, 0x54, 0xb4, 0xcf, 0xbd, - 0x6e, 0xf8, 0xc6, 0xf1, 0xe9, 0xbc, 0x2d, 0x14, 0xed, 0x88, 0xa3, 0x5c, 0x40, 0x94, 0x33, 0xce, - 0x05, 0x00, 0xad, 0x05, 0x09, 0x87, 0x53, 0x75, 0xad, 0xa7, 0x95, 0x25, 0x6c, 0x60, 0x51, 0x83, - 0xd5, 0xf3, 0xe3, 0xc4, 0x69, 0x36, 0x2f, 0x7b, 0x7e, 0x22, 0x4e, 0xde, 0xd4, 0x0e, 0xb9, 0xa2, - 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x09, 0xe3, 0xbb, 0x0c, 0xf3, 0x3d, 0x77, 0xe0, 0x89, 0x65, 0x2f, - 0x51, 0x6e, 0xd2, 0x6a, 0x1e, 0x51, 0x25, 0x47, 0xb9, 0xfd, 0x5b, 0x7d, 0xdd, 0xfe, 0x0d, 0x37, - 0xe5, 0x42, 0xda, 0xab, 0x3a, 0xeb, 0xa6, 0x6c, 0xbf, 0x04, 0xa7, 0x97, 0xbd, 0xe4, 0x92, 0xd7, - 0x24, 0x43, 0x32, 0xb1, 0xbf, 0x52, 0x82, 0x09, 0x33, 0x2c, 0x65, 0x98, 0xc8, 0x85, 0x6f, 0x51, - 0x3d, 0x46, 0xf4, 0xce, 0x53, 0x77, 0x2c, 0x37, 0x8f, 0x1c, 0x23, 0xd3, 0x7b, 0xc4, 0x0c, 0x55, - 0x46, 0xf3, 0xc4, 0x66, 0x03, 0xd0, 0x6d, 0x28, 0xd5, 0x99, 0x1b, 0x6d, 0x31, 0x8f, 0x9b, 0xe3, - 0x5e, 0x23, 0xaa, 0x97, 0x19, 0x77, 0xc4, 0xe5, 0xfc, 0xe8, 0x0e, 0x19, 0xa5, 0x63, 0x33, 0x94, - 0xa0, 0x52, 0x51, 0x19, 0x0a, 0xa3, 0x9f, 0xa8, 0x2f, 0xdd, 0x87, 0xa8, 0x4f, 0x09, 0xde, 0xd1, - 0x87, 0x24, 0x78, 0x99, 0x4b, 0x74, 0xb2, 0xc3, 0xf4, 0x37, 0xe1, 0x10, 0x3b, 0xc6, 0x06, 0xc1, - 0x70, 0x89, 0x4e, 0x81, 0x71, 0x16, 0xdf, 0xfe, 0x46, 0x01, 0xa6, 0x96, 0xfd, 0xf6, 0xc6, 0xf2, - 0x46, 0x7b, 0xbb, 0xe9, 0xb9, 0x57, 0x49, 0x87, 0xca, 0xb7, 0x5d, 0xd2, 0x59, 0x59, 0x12, 0xd3, - 0x50, 0x0d, 0xfc, 0x55, 0x5a, 0x88, 0x39, 0x8c, 0xae, 0xe8, 0xba, 0xe7, 0x37, 0x48, 0x14, 0x46, - 0x9e, 0x38, 0x94, 0x33, 0x56, 0xf4, 0x25, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf6, 0x49, - 0x94, 0xd5, 0x06, 0xd7, 0x69, 0x21, 0xe6, 0x30, 0x8a, 0x94, 0x44, 0xed, 0x38, 0x11, 0x5f, 0x54, - 0x21, 0x6d, 0xd1, 0x42, 0xcc, 0x61, 0x74, 0xb9, 0xc4, 0xed, 0x6d, 0x76, 0xbb, 0x9d, 0x71, 0x61, - 0xdd, 0xe4, 0xc5, 0x58, 0xc2, 0x29, 0xea, 0x2e, 0xe9, 0x2c, 0x51, 0xbb, 0x2c, 0xe3, 0x64, 0x7e, - 0x95, 0x17, 0x63, 0x09, 0x67, 0x99, 0x6e, 0xd2, 0xc3, 0xf1, 0x23, 0x97, 0xe9, 0x26, 0xdd, 0xfc, - 0x3e, 0x16, 0xde, 0x6f, 0x58, 0x30, 0x61, 0xfa, 0xa4, 0xa0, 0x46, 0x46, 0x51, 0x5c, 0xef, 0xca, - 0x5a, 0xf6, 0x33, 0xbd, 0x5e, 0x54, 0x68, 0x78, 0x49, 0x10, 0xc6, 0xcf, 0x13, 0xbf, 0xe1, 0xf9, - 0x84, 0xdd, 0x5c, 0x72, 0x5f, 0x96, 0x94, 0xc3, 0xcb, 0x62, 0x50, 0x23, 0xf7, 0xa1, 0x69, 0xda, - 0x37, 0x61, 0xba, 0x2b, 0xb2, 0x60, 0x80, 0xfd, 0xf9, 0xd0, 0xb8, 0x2e, 0x1b, 0xc3, 0x38, 0x25, - 0xbc, 0x1e, 0x72, 0xa7, 0x93, 0x45, 0x98, 0xe6, 0x3a, 0x04, 0xe5, 0xb4, 0xe9, 0xee, 0x90, 0x96, - 0x8a, 0x16, 0x61, 0x27, 0xc0, 0x37, 0xb2, 0x40, 0xdc, 0x8d, 0x6f, 0x7f, 0xd3, 0x82, 0xc9, 0x54, - 0xb0, 0x47, 0x4e, 0x9a, 0x04, 0x5b, 0x69, 0x01, 0x73, 0x91, 0x62, 0x5e, 0xa2, 0x45, 0xb6, 0x23, - 0xe9, 0x95, 0xa6, 0x41, 0xd8, 0xc4, 0xb3, 0xdf, 0x29, 0x40, 0x59, 0xde, 0x5a, 0x0f, 0xd0, 0x94, - 0xaf, 0x5b, 0x30, 0xa9, 0x4e, 0xdd, 0xd9, 0x71, 0x0e, 0x9f, 0x8c, 0xd7, 0x8e, 0x7e, 0x6f, 0xae, - 0x7c, 0xf8, 0xfc, 0x7a, 0xa0, 0xd5, 0x5a, 0x6c, 0x32, 0xc3, 0x69, 0xde, 0xe8, 0x06, 0x40, 0xdc, - 0x89, 0x13, 0xd2, 0x32, 0x0e, 0x96, 0x6c, 0x63, 0xc5, 0xcd, 0xb9, 0x41, 0x44, 0xe8, 0xfa, 0xba, - 0x16, 0xd4, 0xc8, 0xa6, 0xc2, 0xd4, 0x7a, 0x88, 0x2e, 0xc3, 0x06, 0x25, 0xfb, 0x1f, 0x14, 0xe0, - 0x64, 0xb6, 0x49, 0xe8, 0x75, 0x98, 0x90, 0xdc, 0x8d, 0xd7, 0x21, 0xe4, 0x55, 0xfd, 0x04, 0x36, - 0x60, 0x77, 0x0f, 0x66, 0x67, 0xbb, 0x5f, 0xe7, 0x98, 0x33, 0x51, 0x70, 0x8a, 0x18, 0xbf, 0xfa, - 0x10, 0x77, 0x74, 0xd5, 0xce, 0x42, 0x18, 0x8a, 0xfb, 0x0b, 0xe3, 0xea, 0xc3, 0x84, 0xe2, 0x0c, - 0x36, 0xda, 0x80, 0xd3, 0x46, 0xc9, 0x35, 0xe2, 0x35, 0x76, 0xb6, 0x83, 0x48, 0x9a, 0x27, 0x4f, - 0x6a, 0xef, 0x97, 0x6e, 0x1c, 0xdc, 0xb3, 0x26, 0xdd, 0x32, 0x5d, 0x27, 0x74, 0x5c, 0x2f, 0xe9, - 0x88, 0x93, 0x32, 0x25, 0x9b, 0x16, 0x45, 0x39, 0x56, 0x18, 0xf6, 0x1a, 0x8c, 0x0c, 0x38, 0x83, - 0x06, 0x52, 0x8b, 0x5f, 0x85, 0x32, 0x25, 0x27, 0x75, 0xa4, 0x3c, 0x48, 0x06, 0x50, 0x96, 0x09, - 0x9e, 0x91, 0x0d, 0x45, 0xcf, 0x91, 0xb7, 0x4b, 0xaa, 0x5b, 0x2b, 0x71, 0xdc, 0x66, 0x96, 0x26, - 0x05, 0xa2, 0xa7, 0xa1, 0x48, 0xf6, 0xc3, 0xec, 0x35, 0xd2, 0xc5, 0xfd, 0xd0, 0x8b, 0x48, 0x4c, - 0x91, 0xc8, 0x7e, 0x88, 0xce, 0x42, 0xc1, 0xab, 0x89, 0x4d, 0x0a, 0x04, 0x4e, 0x61, 0x65, 0x09, - 0x17, 0xbc, 0x9a, 0xbd, 0x0f, 0x15, 0x95, 0x51, 0x1a, 0xed, 0x4a, 0xd9, 0x6d, 0xe5, 0xe1, 0x66, - 0x22, 0xe9, 0xf6, 0x91, 0xda, 0x6d, 0x00, 0x1d, 0x5a, 0x93, 0x97, 0x7c, 0x39, 0x0f, 0x23, 0x6e, - 0x20, 0x22, 0xf2, 0xca, 0x9a, 0x0c, 0x13, 0xda, 0x0c, 0x62, 0xdf, 0x84, 0xa9, 0xab, 0x7e, 0x70, - 0x9b, 0xe5, 0xe0, 0xbc, 0xe4, 0x91, 0x66, 0x8d, 0x12, 0xae, 0xd3, 0x1f, 0x59, 0x15, 0x81, 0x41, - 0x31, 0x87, 0xa9, 0xb4, 0x1b, 0x85, 0x7e, 0x69, 0x37, 0xec, 0x2f, 0x5a, 0x70, 0x52, 0xc5, 0x7c, - 0x48, 0x69, 0xfc, 0x12, 0x4c, 0x6c, 0xb7, 0xbd, 0x66, 0x4d, 0xfc, 0xcf, 0xda, 0xfa, 0x55, 0x03, - 0x86, 0x53, 0x98, 0xd4, 0x32, 0xd9, 0xf6, 0x7c, 0x27, 0xea, 0x6c, 0x68, 0xf1, 0xaf, 0x24, 0x42, - 0x55, 0x41, 0xb0, 0x81, 0x65, 0x7f, 0xb9, 0x00, 0x93, 0xa9, 0x08, 0x78, 0xd4, 0x84, 0x32, 0x69, - 0xb2, 0x13, 0x28, 0xf9, 0x51, 0x8f, 0x9a, 0x7c, 0x4a, 0x4d, 0xc4, 0x8b, 0x82, 0x2e, 0x56, 0x1c, - 0x1e, 0x89, 0x6b, 0x16, 0xfb, 0x0f, 0x8a, 0x30, 0xc3, 0x0f, 0xde, 0x6a, 0xca, 0x9f, 0x61, 0x4d, - 0x6a, 0x27, 0x7f, 0x55, 0x67, 0x9b, 0xe0, 0xc3, 0xb1, 0x7d, 0xd4, 0xf4, 0x89, 0xbd, 0x19, 0x0d, - 0x74, 0xd3, 0xfe, 0xeb, 0x99, 0x9b, 0xf6, 0x42, 0x1e, 0x01, 0x11, 0x7d, 0x5b, 0xf4, 0xa3, 0x75, - 0xf5, 0xfe, 0x77, 0x0b, 0x70, 0x22, 0x93, 0x9b, 0x12, 0xbd, 0x9d, 0xce, 0x3e, 0x65, 0xe5, 0x71, - 0x3c, 0x73, 0xcf, 0x0c, 0x89, 0xc3, 0xe5, 0xa0, 0x7a, 0x58, 0x13, 0xfe, 0x0f, 0x0b, 0x30, 0x95, - 0x4e, 0xaa, 0xf9, 0x08, 0x8e, 0xd4, 0x47, 0xa1, 0xc2, 0x52, 0xd5, 0xb1, 0x77, 0x3b, 0xf8, 0x29, - 0x10, 0xcf, 0xa8, 0x26, 0x0b, 0xb1, 0x86, 0x3f, 0x12, 0xa9, 0xbd, 0xec, 0xbf, 0x67, 0xc1, 0x19, - 0xde, 0xcb, 0xec, 0x3c, 0xfc, 0x6b, 0xbd, 0x46, 0xf7, 0x8d, 0x7c, 0x1b, 0x98, 0xc9, 0x92, 0x72, - 0xd8, 0xf8, 0xb2, 0xf7, 0x02, 0x44, 0x6b, 0xd3, 0x53, 0xe1, 0x11, 0x6c, 0xec, 0x50, 0x93, 0xc1, - 0xfe, 0xc3, 0x22, 0xe8, 0x27, 0x12, 0x90, 0x27, 0xc2, 0x26, 0x72, 0xc9, 0x16, 0xb3, 0xd9, 0xf1, - 0x5d, 0xfd, 0x18, 0x43, 0x39, 0x13, 0x35, 0xf1, 0x2b, 0x16, 0x8c, 0x7b, 0xbe, 0x97, 0x78, 0x0e, - 0x53, 0x3a, 0xf3, 0xc9, 0x19, 0xaf, 0xd8, 0xad, 0x70, 0xca, 0x41, 0x64, 0x1e, 0x1d, 0x2a, 0x66, - 0xd8, 0xe4, 0x8c, 0x3e, 0x27, 0x9c, 0xe1, 0x8a, 0xb9, 0x05, 0xfc, 0x94, 0x33, 0x1e, 0x70, 0x21, - 0x94, 0x22, 0x92, 0x44, 0x32, 0xd4, 0xea, 0xea, 0x51, 0x3d, 0x9c, 0x93, 0xa8, 0xa3, 0x92, 0x83, - 0xe9, 0xc7, 0xaa, 0x68, 0x31, 0xe6, 0x8c, 0xec, 0x18, 0x50, 0xf7, 0x58, 0x0c, 0xe9, 0x68, 0x34, - 0x0f, 0x15, 0xa7, 0x9d, 0x04, 0x2d, 0x3a, 0x4c, 0xe2, 0x74, 0x53, 0xbb, 0x52, 0x49, 0x00, 0xd6, - 0x38, 0xf6, 0xdb, 0x25, 0xc8, 0xc4, 0x31, 0xa0, 0x7d, 0xf3, 0x79, 0x0f, 0x2b, 0xdf, 0xe7, 0x3d, - 0x54, 0x63, 0x7a, 0x3d, 0xf1, 0x81, 0x1a, 0x50, 0x0a, 0x77, 0x9c, 0x58, 0xea, 0x94, 0xaf, 0xca, - 0x61, 0xda, 0xa0, 0x85, 0x77, 0x0f, 0x66, 0x7f, 0x76, 0xb0, 0x33, 0x0a, 0x3a, 0x57, 0xe7, 0x79, - 0xbc, 0xb0, 0x66, 0xcd, 0x68, 0x60, 0x4e, 0x7f, 0x98, 0xac, 0xf9, 0x5f, 0x12, 0xf9, 0x0c, 0x31, - 0x89, 0xdb, 0xcd, 0x44, 0xcc, 0x86, 0x57, 0x73, 0x5c, 0x65, 0x9c, 0xb0, 0x8e, 0xc0, 0xe3, 0xff, - 0xb1, 0xc1, 0x14, 0xbd, 0x0e, 0x95, 0x38, 0x71, 0xa2, 0xe4, 0x3e, 0x63, 0x66, 0xd4, 0xa0, 0x6f, - 0x4a, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb1, 0xe4, 0x59, 0x5e, 0xbc, 0x73, 0x9f, 0x3e, 0xac, 0x32, - 0xd1, 0x96, 0xa0, 0x80, 0x0d, 0x6a, 0x54, 0x65, 0x67, 0x73, 0x9b, 0x3b, 0x6e, 0x94, 0x99, 0x4d, - 0xa6, 0x44, 0x21, 0x56, 0x10, 0x6c, 0x60, 0xd9, 0x5f, 0x80, 0x53, 0xd9, 0xf7, 0xc0, 0xc4, 0xb1, - 0x65, 0x23, 0x0a, 0xda, 0x61, 0xd6, 0x26, 0x61, 0xef, 0x45, 0x61, 0x0e, 0xa3, 0x36, 0xc9, 0xae, - 0xe7, 0xd7, 0xb2, 0x36, 0xc9, 0x55, 0xcf, 0xaf, 0x61, 0x06, 0x19, 0xe0, 0xdd, 0x93, 0x7f, 0x6e, - 0xc1, 0xf9, 0xc3, 0x9e, 0x2d, 0x43, 0x4f, 0xc2, 0xc8, 0x6d, 0x27, 0x92, 0xc9, 0xf8, 0x98, 0xec, - 0xb8, 0xe9, 0x44, 0x3e, 0x66, 0xa5, 0xa8, 0x03, 0xa3, 0x3c, 0x46, 0x51, 0x28, 0xb0, 0xaf, 0xe6, - 0xfb, 0x88, 0xda, 0x55, 0x62, 0x68, 0xd0, 0x3c, 0x3e, 0x12, 0x0b, 0x86, 0xf6, 0xfb, 0x16, 0xa0, - 0xf5, 0x3d, 0x12, 0x45, 0x5e, 0xcd, 0x88, 0xaa, 0x44, 0x2f, 0xc2, 0xc4, 0xad, 0xcd, 0xf5, 0x6b, - 0x1b, 0x81, 0xe7, 0xb3, 0x18, 0x6b, 0x23, 0x2e, 0xe5, 0x8a, 0x51, 0x8e, 0x53, 0x58, 0x68, 0x11, - 0xa6, 0x6f, 0xbd, 0x49, 0xed, 0x28, 0x33, 0x8f, 0x6d, 0x41, 0x9f, 0x9c, 0x5d, 0x79, 0x35, 0x03, - 0xc4, 0xdd, 0xf8, 0x68, 0x1d, 0xce, 0xb4, 0xb8, 0x06, 0xce, 0xcc, 0xc7, 0x98, 0xab, 0xe3, 0x91, - 0x4c, 0xbc, 0xf0, 0xc4, 0x9d, 0x83, 0xd9, 0x33, 0x6b, 0xbd, 0x10, 0x70, 0xef, 0x7a, 0xf6, 0xbb, - 0x05, 0x18, 0x37, 0x9e, 0xfe, 0x1b, 0xc0, 0x50, 0xce, 0xbc, 0x56, 0x58, 0x18, 0xf0, 0xb5, 0xc2, - 0x67, 0xa1, 0x1c, 0x06, 0x4d, 0xcf, 0xf5, 0x54, 0x96, 0x08, 0x96, 0xcc, 0x6c, 0x43, 0x94, 0x61, - 0x05, 0x45, 0xb7, 0xa1, 0xa2, 0x9e, 0xc3, 0x12, 0xc1, 0x7d, 0x79, 0x1d, 0x15, 0xa8, 0xc5, 0xab, - 0x9f, 0xb9, 0xd2, 0xbc, 0x90, 0x0d, 0xa3, 0x6c, 0xe6, 0x4b, 0x97, 0x26, 0x16, 0x75, 0xc1, 0x96, - 0x44, 0x8c, 0x05, 0xc4, 0xfe, 0xea, 0x18, 0x9c, 0xee, 0x95, 0x80, 0x0b, 0x7d, 0x1e, 0x46, 0x79, - 0x1b, 0xf3, 0xc9, 0xf1, 0xd8, 0x8b, 0xc7, 0x32, 0x23, 0x28, 0x9a, 0xc5, 0x7e, 0x63, 0xc1, 0x53, - 0x70, 0x6f, 0x3a, 0xdb, 0x42, 0x8d, 0x38, 0x1e, 0xee, 0xab, 0x8e, 0xe6, 0xbe, 0xea, 0x70, 0xee, - 0x4d, 0x67, 0x1b, 0xed, 0x43, 0xa9, 0xe1, 0x25, 0xc4, 0x11, 0xca, 0xf4, 0xcd, 0x63, 0x61, 0x4e, - 0x1c, 0xee, 0x39, 0xcf, 0x7e, 0x62, 0xce, 0x10, 0x7d, 0xd7, 0x82, 0x13, 0xdb, 0xe9, 0x20, 0x16, - 0xb1, 0xab, 0x38, 0xc7, 0x90, 0x64, 0x2d, 0xcd, 0xa8, 0x7a, 0xea, 0xce, 0xc1, 0xec, 0x89, 0x4c, - 0x21, 0xce, 0x36, 0x07, 0xfd, 0x92, 0x05, 0x63, 0x75, 0xaf, 0x69, 0x64, 0x10, 0x3a, 0x86, 0x8f, - 0x73, 0x89, 0x31, 0xd0, 0x3b, 0x2f, 0xff, 0x1f, 0x63, 0xc9, 0xb9, 0xdf, 0x75, 0xde, 0xe8, 0x51, - 0xaf, 0xf3, 0xc6, 0x1e, 0x92, 0xf9, 0xf4, 0xd7, 0x0b, 0xf0, 0xf4, 0x00, 0xdf, 0xc8, 0x0c, 0x8a, - 0xb0, 0x0e, 0x09, 0x8a, 0x38, 0x0f, 0x23, 0x11, 0x09, 0x83, 0xec, 0x7e, 0xc7, 0x3c, 0x87, 0x18, - 0x04, 0x3d, 0x05, 0x45, 0x27, 0xf4, 0xc4, 0x76, 0xa7, 0x6e, 0xfb, 0x17, 0x36, 0x56, 0x30, 0x2d, - 0xa7, 0x5f, 0xba, 0xb2, 0x2d, 0x43, 0xab, 0xf2, 0x49, 0xd6, 0xdc, 0x2f, 0x52, 0x8b, 0x1b, 0x34, - 0x0a, 0x8a, 0x35, 0x5f, 0x7b, 0x1d, 0xce, 0xf6, 0x9f, 0x21, 0xe8, 0x05, 0x18, 0xdf, 0x8e, 0x1c, - 0xdf, 0xdd, 0x61, 0x89, 0xcd, 0xe5, 0x98, 0x30, 0x57, 0x78, 0x5d, 0x8c, 0x4d, 0x1c, 0xfb, 0x0f, - 0x0a, 0xbd, 0x29, 0x72, 0x21, 0x30, 0xcc, 0x08, 0x8b, 0xf1, 0x2b, 0xf4, 0x19, 0xbf, 0x37, 0xa1, - 0x9c, 0x30, 0x4f, 0x7c, 0x52, 0x17, 0x92, 0x24, 0xb7, 0x60, 0x32, 0xb6, 0xd7, 0x6c, 0x09, 0xe2, - 0x58, 0xb1, 0xa1, 0x22, 0xbf, 0xa9, 0x93, 0x0f, 0x09, 0x91, 0x9f, 0x39, 0x47, 0x5b, 0x82, 0x93, - 0x46, 0x2e, 0x45, 0xee, 0x88, 0xcc, 0xaf, 0x51, 0x55, 0x74, 0xce, 0x46, 0x06, 0x8e, 0xbb, 0x6a, - 0xd8, 0xbf, 0x51, 0x80, 0x27, 0xfa, 0x4a, 0x36, 0x7d, 0xd7, 0x6b, 0xdd, 0xe3, 0xae, 0xf7, 0xc8, - 0x13, 0xd4, 0x1c, 0xe0, 0x91, 0x07, 0x33, 0xc0, 0xcf, 0x41, 0xd9, 0xf3, 0x63, 0xe2, 0xb6, 0x23, - 0x3e, 0x68, 0x86, 0x5b, 0xde, 0x8a, 0x28, 0xc7, 0x0a, 0xc3, 0xfe, 0xa3, 0xfe, 0x53, 0x8d, 0xee, - 0x72, 0x3f, 0xb6, 0xa3, 0xf4, 0x32, 0x4c, 0x3a, 0x61, 0xc8, 0xf1, 0xd8, 0xbd, 0x5a, 0x26, 0xde, - 0x6e, 0xc1, 0x04, 0xe2, 0x34, 0xae, 0x31, 0x87, 0x47, 0xfb, 0xcd, 0x61, 0xfb, 0x4f, 0x2d, 0xa8, - 0x60, 0x52, 0xe7, 0x39, 0x38, 0xd1, 0x2d, 0x31, 0x44, 0x56, 0x1e, 0xc9, 0x21, 0xd8, 0xa3, 0xda, - 0x1e, 0x4b, 0x9a, 0xd0, 0x6b, 0xb0, 0xbb, 0xf3, 0x82, 0x16, 0x86, 0xca, 0x0b, 0xaa, 0x32, 0x43, - 0x16, 0xfb, 0x67, 0x86, 0xb4, 0xdf, 0x1d, 0xa3, 0xdd, 0x0b, 0x83, 0xc5, 0x88, 0xd4, 0x62, 0xfa, - 0x7d, 0xdb, 0x51, 0x33, 0xfb, 0xd6, 0xe0, 0x75, 0xbc, 0x8a, 0x69, 0x79, 0xea, 0x10, 0xa0, 0x30, - 0x54, 0xb4, 0x51, 0xf1, 0xd0, 0x68, 0xa3, 0x97, 0x61, 0x32, 0x8e, 0x77, 0x36, 0x22, 0x6f, 0xcf, - 0x49, 0xa8, 0x69, 0x21, 0xdc, 0x32, 0x74, 0x84, 0xc0, 0xe6, 0x65, 0x0d, 0xc4, 0x69, 0x5c, 0xb4, - 0x0c, 0xd3, 0x3a, 0xe6, 0x87, 0x44, 0x09, 0xf3, 0xc2, 0xe0, 0x33, 0x41, 0x39, 0xe8, 0xeb, 0x28, - 0x21, 0x81, 0x80, 0xbb, 0xeb, 0x50, 0x89, 0x95, 0x2a, 0xa4, 0x0d, 0x19, 0x4d, 0x4b, 0xac, 0x14, - 0x1d, 0xda, 0x96, 0xae, 0x1a, 0x68, 0x0d, 0x4e, 0xf1, 0x89, 0xc1, 0x1e, 0xb7, 0x55, 0x3d, 0xe2, - 0x5e, 0x33, 0x1f, 0x16, 0x84, 0x4e, 0x2d, 0x77, 0xa3, 0xe0, 0x5e, 0xf5, 0xa8, 0xdd, 0xa0, 0x8a, - 0x57, 0x96, 0x84, 0xfd, 0xaa, 0xec, 0x06, 0x45, 0x66, 0xa5, 0x86, 0x4d, 0x3c, 0xf4, 0x69, 0x78, - 0x5c, 0xff, 0xe5, 0xfe, 0x6e, 0xfc, 0x50, 0x67, 0x49, 0x84, 0x53, 0xaa, 0x3c, 0x84, 0xcb, 0x3d, - 0xd1, 0x6a, 0xb8, 0x5f, 0x7d, 0xb4, 0x0d, 0x67, 0x15, 0xe8, 0x22, 0x35, 0xd2, 0xc2, 0xc8, 0x8b, - 0x49, 0xd5, 0x89, 0xc9, 0xf5, 0xa8, 0xc9, 0x02, 0x30, 0x2b, 0x3a, 0xa1, 0xfa, 0xb2, 0x97, 0x5c, - 0xee, 0x85, 0x89, 0x57, 0xf1, 0x3d, 0xa8, 0xa0, 0x79, 0xa8, 0x10, 0xdf, 0xd9, 0x6e, 0x92, 0xf5, - 0xc5, 0x15, 0x16, 0x96, 0x69, 0x9c, 0x21, 0x5d, 0x94, 0x00, 0xac, 0x71, 0xd4, 0x4d, 0xe0, 0x44, - 0xdf, 0x04, 0xfc, 0x1b, 0x70, 0xba, 0xe1, 0x86, 0x54, 0x0f, 0xf0, 0x5c, 0xb2, 0xe0, 0xba, 0xd4, - 0xd0, 0xa7, 0x1f, 0x86, 0xe7, 0x45, 0x55, 0xd7, 0xdc, 0xcb, 0x8b, 0x1b, 0x5d, 0x38, 0xb8, 0x67, - 0x4d, 0xba, 0xc6, 0xc2, 0x28, 0xd8, 0xef, 0xcc, 0x9c, 0x4a, 0xaf, 0xb1, 0x0d, 0x5a, 0x88, 0x39, - 0x0c, 0x5d, 0x01, 0xc4, 0x7c, 0x26, 0x2e, 0x27, 0x49, 0xa8, 0x14, 0x8f, 0x99, 0xd3, 0xac, 0x4b, - 0x67, 0x45, 0x0d, 0x74, 0xa9, 0x0b, 0x03, 0xf7, 0xa8, 0x65, 0xff, 0x89, 0x05, 0x93, 0x6a, 0xbd, - 0x3e, 0x00, 0xaf, 0xa1, 0x66, 0xda, 0x6b, 0x68, 0xf9, 0xe8, 0x12, 0x8f, 0xb5, 0xbc, 0xcf, 0xd5, - 0xf3, 0x57, 0xc7, 0x01, 0xb4, 0x54, 0x54, 0x1b, 0x92, 0xd5, 0x77, 0x43, 0x7a, 0x64, 0x25, 0x52, - 0xaf, 0x18, 0xac, 0xd2, 0xc3, 0x8d, 0xc1, 0xda, 0x84, 0x33, 0x52, 0x5d, 0xe0, 0x47, 0x32, 0x97, - 0x83, 0x58, 0x09, 0xb8, 0x72, 0xf5, 0x29, 0x41, 0xe8, 0xcc, 0x4a, 0x2f, 0x24, 0xdc, 0xbb, 0x6e, - 0x4a, 0x4b, 0x19, 0x3b, 0x4c, 0x4b, 0xd1, 0x6b, 0x7a, 0xb5, 0x2e, 0xb3, 0x1a, 0x66, 0xd6, 0xf4, - 0xea, 0xa5, 0x4d, 0xac, 0x71, 0x7a, 0x0b, 0xf6, 0x4a, 0x4e, 0x82, 0x1d, 0x86, 0x16, 0xec, 0x52, - 0xc4, 0x8c, 0xf7, 0x15, 0x31, 0xf2, 0x14, 0x68, 0xa2, 0xef, 0x29, 0xd0, 0x2b, 0x30, 0xe5, 0xf9, - 0x3b, 0x24, 0xf2, 0x12, 0x52, 0x63, 0x6b, 0x41, 0x3c, 0xe0, 0xae, 0xb6, 0xf5, 0x95, 0x14, 0x14, - 0x67, 0xb0, 0xd3, 0x72, 0x71, 0x6a, 0x00, 0xb9, 0xd8, 0x67, 0x37, 0x3a, 0x91, 0xcf, 0x6e, 0x74, - 0xf2, 0xe8, 0xbb, 0xd1, 0xf4, 0xb1, 0xee, 0x46, 0x28, 0x97, 0xdd, 0x68, 0x20, 0x41, 0x6f, 0x18, - 0x74, 0xa7, 0x0f, 0x31, 0xe8, 0xfa, 0x6d, 0x45, 0x67, 0xee, 0x7b, 0x2b, 0xea, 0xbd, 0xcb, 0x3c, - 0x76, 0x5f, 0xbb, 0xcc, 0xd7, 0x0a, 0x70, 0x46, 0xcb, 0x61, 0x3a, 0xfb, 0xbd, 0x3a, 0x95, 0x44, - 0x2c, 0x31, 0x2e, 0x77, 0x47, 0x31, 0x9c, 0xd8, 0xb4, 0x3f, 0x9c, 0x82, 0x60, 0x03, 0x8b, 0xf9, - 0x82, 0x91, 0x88, 0xa5, 0x98, 0xc9, 0x0a, 0xe9, 0x45, 0x51, 0x8e, 0x15, 0x06, 0x9d, 0x5f, 0xf4, - 0xb7, 0xf0, 0xaf, 0xcd, 0x86, 0x9d, 0x2f, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0xb3, 0x9c, 0x09, 0x13, - 0x10, 0x54, 0x50, 0x4f, 0x88, 0x27, 0x1f, 0xa4, 0x4c, 0x50, 0x50, 0xd9, 0x1c, 0xe6, 0xf4, 0x57, - 0xea, 0x6e, 0x0e, 0xbb, 0x7c, 0x53, 0x18, 0xf6, 0xff, 0xb6, 0xe0, 0x89, 0x9e, 0x43, 0xf1, 0x00, - 0x36, 0xdf, 0xfd, 0xf4, 0xe6, 0xbb, 0x99, 0x97, 0xb9, 0x61, 0xf4, 0xa2, 0xcf, 0x46, 0xfc, 0xef, - 0x2d, 0x98, 0xd2, 0xf8, 0x0f, 0xa0, 0xab, 0x5e, 0xba, 0xab, 0xf9, 0x59, 0x56, 0x95, 0xae, 0xbe, - 0xfd, 0x09, 0xeb, 0x1b, 0xbf, 0xc3, 0x58, 0x70, 0xe5, 0xdb, 0xfd, 0x87, 0x9c, 0xdd, 0x77, 0x60, - 0x94, 0x65, 0x65, 0x8d, 0xf3, 0xb9, 0x4b, 0x49, 0xf3, 0x67, 0xde, 0xbc, 0xfa, 0x2e, 0x85, 0xfd, - 0x8d, 0xb1, 0x60, 0xc8, 0x12, 0x20, 0x79, 0x31, 0x95, 0xe6, 0x35, 0xe1, 0x3e, 0xa7, 0x13, 0x20, - 0x89, 0x72, 0xac, 0x30, 0xec, 0x16, 0xcc, 0xa4, 0x89, 0x2f, 0x91, 0x3a, 0xbb, 0xb2, 0x1e, 0xa8, - 0x9b, 0xf3, 0x50, 0x71, 0x58, 0xad, 0xd5, 0xb6, 0x93, 0x7d, 0x25, 0x68, 0x41, 0x02, 0xb0, 0xc6, - 0xb1, 0x7f, 0xc7, 0x82, 0x53, 0x3d, 0x3a, 0x93, 0xa3, 0xdb, 0x60, 0xa2, 0xa5, 0x40, 0xaf, 0x0d, - 0xf7, 0x23, 0x30, 0x56, 0x23, 0x75, 0x47, 0x5e, 0x8a, 0x1a, 0x32, 0x77, 0x89, 0x17, 0x63, 0x09, - 0xb7, 0xff, 0xbb, 0x05, 0x27, 0xd2, 0x6d, 0x8d, 0xa9, 0xd4, 0xe4, 0x9d, 0x59, 0xf2, 0x62, 0x37, - 0xd8, 0x23, 0x51, 0x87, 0xf6, 0x9c, 0xb7, 0x5a, 0x49, 0xcd, 0x85, 0x2e, 0x0c, 0xdc, 0xa3, 0x16, - 0x4b, 0xd0, 0x52, 0x53, 0xa3, 0x2d, 0x67, 0xca, 0x8d, 0x3c, 0x67, 0x8a, 0xfe, 0x98, 0xe6, 0xc5, - 0x91, 0x62, 0x89, 0x4d, 0xfe, 0xf6, 0xfb, 0x23, 0xa0, 0xfc, 0x8a, 0xd9, 0xf5, 0x5b, 0x4e, 0x97, - 0x97, 0xa9, 0xa7, 0xa4, 0x8a, 0x03, 0x3c, 0x25, 0x25, 0x27, 0xc3, 0xc8, 0xbd, 0xae, 0xc6, 0xf8, - 0xe9, 0x85, 0x79, 0x48, 0xa8, 0x7a, 0xb8, 0xa5, 0x41, 0xd8, 0xc4, 0xa3, 0x2d, 0x69, 0x7a, 0x7b, - 0x84, 0x57, 0x1a, 0x4d, 0xb7, 0x64, 0x55, 0x02, 0xb0, 0xc6, 0xa1, 0x2d, 0xa9, 0x79, 0xf5, 0xba, - 0x30, 0xc5, 0x55, 0x4b, 0xe8, 0xe8, 0x60, 0x06, 0xa1, 0x18, 0x3b, 0x41, 0xb0, 0x2b, 0xb4, 0x53, - 0x85, 0x71, 0x39, 0x08, 0x76, 0x31, 0x83, 0x50, 0x7d, 0xca, 0x0f, 0xa2, 0x16, 0x7b, 0xc5, 0xa9, - 0xa6, 0xb8, 0x08, 0xad, 0x54, 0xe9, 0x53, 0xd7, 0xba, 0x51, 0x70, 0xaf, 0x7a, 0x74, 0x06, 0x86, - 0x11, 0xa9, 0x79, 0x6e, 0x62, 0x52, 0x83, 0xf4, 0x0c, 0xdc, 0xe8, 0xc2, 0xc0, 0x3d, 0x6a, 0xa1, - 0x05, 0x38, 0x21, 0xfd, 0xc2, 0x65, 0xe8, 0xdc, 0x78, 0x3a, 0x54, 0x07, 0xa7, 0xc1, 0x38, 0x8b, - 0x4f, 0xa5, 0x4d, 0x4b, 0x44, 0xcd, 0x32, 0x25, 0xd6, 0x90, 0x36, 0x32, 0x9a, 0x16, 0x2b, 0x0c, - 0xfb, 0x4b, 0x45, 0xba, 0x3b, 0xf6, 0xc9, 0x9e, 0xfb, 0xc0, 0x2e, 0xcb, 0xd3, 0x33, 0x72, 0x64, - 0x80, 0x19, 0xf9, 0x22, 0x4c, 0xdc, 0x8a, 0x03, 0x5f, 0x5d, 0x44, 0x97, 0xfa, 0x5e, 0x44, 0x1b, - 0x58, 0xbd, 0x2f, 0xa2, 0x47, 0xf3, 0xba, 0x88, 0x1e, 0xbb, 0xcf, 0x8b, 0xe8, 0xef, 0x95, 0x40, - 0xe5, 0x9f, 0xbc, 0x46, 0x92, 0xdb, 0x41, 0xb4, 0xeb, 0xf9, 0x0d, 0xe6, 0x4f, 0xff, 0x5d, 0x0b, - 0x26, 0xf8, 0x7a, 0x59, 0x35, 0x7d, 0x6b, 0xeb, 0x39, 0xe5, 0x49, 0x4c, 0x31, 0x9b, 0xdb, 0x32, - 0x18, 0x65, 0x1e, 0x09, 0x30, 0x41, 0x38, 0xd5, 0x22, 0xf4, 0x0b, 0x00, 0xf2, 0xdc, 0xb2, 0x2e, - 0x45, 0xe6, 0x4a, 0x3e, 0xed, 0xc3, 0xa4, 0xae, 0x75, 0xd3, 0x2d, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, - 0xd7, 0xb2, 0xaf, 0xdc, 0x7d, 0xee, 0x58, 0xc6, 0x66, 0x10, 0xaf, 0x63, 0x0c, 0x63, 0x9e, 0xdf, - 0xa0, 0xf3, 0x44, 0xdc, 0xdd, 0xff, 0x64, 0xaf, 0x58, 0x94, 0xd5, 0xc0, 0xa9, 0x55, 0x9d, 0xa6, - 0xe3, 0xbb, 0x24, 0x5a, 0xe1, 0xe8, 0xe6, 0xab, 0x35, 0xac, 0x00, 0x4b, 0x42, 0x5d, 0x89, 0x40, - 0x4b, 0x83, 0x24, 0x02, 0x3d, 0xfb, 0x49, 0x98, 0xee, 0xfa, 0x98, 0x43, 0x39, 0x19, 0xdf, 0xbf, - 0x7f, 0xb2, 0xfd, 0x2f, 0x46, 0xf5, 0xa6, 0x75, 0x2d, 0xa8, 0xf1, 0x74, 0x94, 0x91, 0xfe, 0xa2, - 0x42, 0xf7, 0xcc, 0x71, 0x8a, 0x18, 0x2f, 0xdf, 0xa8, 0x42, 0x6c, 0xb2, 0xa4, 0x73, 0x34, 0x74, - 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0xdd, 0x50, 0x4c, 0xb0, 0xc1, 0x10, 0xed, 0xa4, 0xbc, 0x0c, 0x2f, - 0x1d, 0xdd, 0xcb, 0x90, 0x85, 0xba, 0xf6, 0xca, 0xb7, 0xf7, 0x6d, 0x0b, 0xa6, 0xfc, 0xd4, 0xcc, - 0x15, 0xf7, 0x38, 0x5b, 0xc7, 0xb1, 0x2a, 0x78, 0xfa, 0xe2, 0x74, 0x19, 0xce, 0xf0, 0xef, 0xb5, - 0xa5, 0x95, 0x86, 0xdc, 0xd2, 0x74, 0x5e, 0xdb, 0xd1, 0x7e, 0x79, 0x6d, 0x91, 0xaf, 0x32, 0x71, - 0x8f, 0xe5, 0x9e, 0x89, 0x1b, 0x7a, 0x64, 0xe1, 0xbe, 0x09, 0x15, 0x37, 0x22, 0x4e, 0x72, 0x9f, - 0x49, 0x99, 0xd9, 0x25, 0xf6, 0xa2, 0x24, 0x80, 0x35, 0x2d, 0xfb, 0xdf, 0x15, 0xe1, 0xa4, 0x1c, - 0x11, 0xe9, 0x81, 0x45, 0xf7, 0x47, 0xce, 0x57, 0x2b, 0xb7, 0x6a, 0x7f, 0xbc, 0x2c, 0x01, 0x58, - 0xe3, 0x50, 0x7d, 0xac, 0x1d, 0x93, 0xf5, 0x90, 0xf8, 0xab, 0xde, 0x76, 0x2c, 0xee, 0x1f, 0xd5, - 0x42, 0xb9, 0xae, 0x41, 0xd8, 0xc4, 0xa3, 0xca, 0x38, 0xd7, 0x8b, 0xe3, 0xac, 0x43, 0xa3, 0xd0, - 0xb7, 0xb1, 0x84, 0xa3, 0x5f, 0xeb, 0x99, 0xce, 0x3f, 0x1f, 0x57, 0xde, 0x2e, 0xc7, 0xb3, 0x21, - 0xf3, 0xf8, 0xbf, 0x6d, 0xc1, 0x89, 0xdd, 0x54, 0x2c, 0x92, 0x14, 0xc9, 0x47, 0x8c, 0x9a, 0x4d, - 0x07, 0x38, 0xe9, 0x29, 0x9c, 0x2e, 0x8f, 0x71, 0x96, 0xbb, 0xfd, 0x3f, 0x2d, 0x30, 0xc5, 0xd3, - 0x60, 0x9a, 0x95, 0xf1, 0xfe, 0x4e, 0xe1, 0x90, 0xf7, 0x77, 0xa4, 0x12, 0x56, 0x1c, 0x4c, 0xe9, - 0x1f, 0x19, 0x42, 0xe9, 0x2f, 0xf5, 0xd5, 0xda, 0x9e, 0x82, 0x62, 0xdb, 0xab, 0x09, 0xbd, 0x5d, - 0xdf, 0x36, 0xae, 0x2c, 0x61, 0x5a, 0x6e, 0xff, 0xd3, 0x92, 0xb6, 0xd3, 0x85, 0x07, 0xea, 0x8f, - 0x45, 0xb7, 0xeb, 0x2a, 0x08, 0x9a, 0xf7, 0xfc, 0x5a, 0x57, 0x10, 0xf4, 0x4f, 0x0f, 0xef, 0x60, - 0xcc, 0x07, 0xa8, 0x5f, 0x0c, 0xf4, 0xd8, 0x21, 0xde, 0xc5, 0xb7, 0xa0, 0x4c, 0x4d, 0x1b, 0x76, - 0xe0, 0x56, 0x4e, 0x35, 0xaa, 0x7c, 0x59, 0x94, 0xdf, 0x3d, 0x98, 0xfd, 0xa9, 0xe1, 0x9b, 0x25, - 0x6b, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa1, 0xbf, 0x99, 0x23, 0xb4, 0x30, 0x9a, 0xae, 0x2b, 0x59, - 0x24, 0x01, 0xb9, 0x78, 0x59, 0x6b, 0x3e, 0xc8, 0x87, 0x0a, 0x7b, 0x4a, 0x84, 0x31, 0xe5, 0xb6, - 0xd5, 0x86, 0x72, 0x47, 0x96, 0x80, 0xbb, 0x07, 0xb3, 0x2f, 0x0f, 0xcf, 0x54, 0x55, 0xc7, 0x9a, - 0x85, 0xfd, 0xce, 0x88, 0x9e, 0xbb, 0x22, 0xf6, 0xfd, 0xc7, 0x62, 0xee, 0xbe, 0x94, 0x99, 0xbb, - 0xe7, 0xbb, 0xe6, 0xee, 0x94, 0x7e, 0xf2, 0x22, 0x35, 0x1b, 0x1f, 0xf4, 0x06, 0x7b, 0xb8, 0x1d, - 0xcf, 0x34, 0x8b, 0x37, 0xdb, 0x5e, 0x44, 0xe2, 0x8d, 0xa8, 0xed, 0x7b, 0x7e, 0x43, 0xbc, 0xa9, - 0x67, 0x68, 0x16, 0x29, 0x30, 0xce, 0xe2, 0xb3, 0xf7, 0xf8, 0x3a, 0xbe, 0x7b, 0xd3, 0xd9, 0xe3, - 0xb3, 0xca, 0x08, 0x07, 0xde, 0x14, 0xe5, 0x58, 0x61, 0xd8, 0xef, 0xb2, 0xbb, 0x5b, 0x23, 0x02, - 0x83, 0xce, 0x89, 0x26, 0x7b, 0xbb, 0x85, 0xc7, 0x12, 0xab, 0x39, 0xc1, 0x1f, 0x6c, 0xe1, 0x30, - 0x74, 0x1b, 0xc6, 0xb6, 0x79, 0x2e, 0xf4, 0x7c, 0x92, 0x8f, 0x89, 0xc4, 0xea, 0x2c, 0x3f, 0xa8, - 0xcc, 0xb2, 0x7e, 0x57, 0xff, 0xc4, 0x92, 0x9b, 0xfd, 0xde, 0x08, 0x9c, 0xc8, 0xbc, 0xee, 0x91, - 0x4a, 0x85, 0x52, 0x38, 0x34, 0x15, 0xca, 0x67, 0x00, 0x6a, 0x24, 0x6c, 0x06, 0x1d, 0xa6, 0xe6, - 0x8c, 0x0c, 0xad, 0xe6, 0x28, 0xcd, 0x78, 0x49, 0x51, 0xc1, 0x06, 0x45, 0x11, 0x40, 0xcd, 0x33, - 0xab, 0x64, 0x02, 0xa8, 0x8d, 0xfc, 0x7f, 0xa3, 0x0f, 0x36, 0xff, 0x9f, 0x07, 0x27, 0x78, 0x13, - 0x55, 0x9c, 0xc3, 0x7d, 0x84, 0x33, 0x30, 0x0f, 0xd9, 0xa5, 0x34, 0x19, 0x9c, 0xa5, 0xfb, 0x30, - 0x1f, 0xef, 0x41, 0x1f, 0x85, 0x8a, 0xfc, 0xce, 0xf1, 0x4c, 0x45, 0xc7, 0x8a, 0xc9, 0x69, 0xc0, - 0x1e, 0xd5, 0x11, 0x3f, 0xed, 0x6f, 0x15, 0xa8, 0x56, 0xca, 0xff, 0xa9, 0x98, 0xdf, 0x67, 0x60, - 0xd4, 0x69, 0x27, 0x3b, 0x41, 0x57, 0xf6, 0xf9, 0x05, 0x56, 0x8a, 0x05, 0x14, 0xad, 0xc2, 0x48, - 0x4d, 0xc7, 0x71, 0x0e, 0x33, 0x8a, 0xfa, 0x80, 0xcf, 0x49, 0x08, 0x66, 0x54, 0xd0, 0x93, 0x30, - 0x92, 0x38, 0x8d, 0xd4, 0xbb, 0x90, 0x5b, 0x4e, 0x23, 0xc6, 0xac, 0xd4, 0xdc, 0x34, 0x47, 0x0e, - 0xd9, 0x34, 0x5f, 0x86, 0xc9, 0xd8, 0x6b, 0xf8, 0x4e, 0xd2, 0x8e, 0x88, 0x71, 0x99, 0xa4, 0xfd, - 0x03, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xef, 0x57, 0xe0, 0x74, 0xaf, 0xf7, 0xbb, 0xf3, 0xf6, 0x86, - 0xef, 0xc5, 0xe3, 0xc1, 0x79, 0xc3, 0xf7, 0xe1, 0xde, 0x34, 0xbc, 0xe1, 0x9b, 0x86, 0x37, 0xfc, - 0xd7, 0x2c, 0xa8, 0x28, 0x27, 0x70, 0xe1, 0xc8, 0xfa, 0xfa, 0x31, 0xbc, 0x91, 0x2e, 0x59, 0x08, - 0x5f, 0x60, 0xf9, 0x17, 0x6b, 0xe6, 0xc7, 0xe7, 0x1e, 0x7f, 0xcf, 0x06, 0x0d, 0xe5, 0x1e, 0xaf, - 0x62, 0x07, 0x4a, 0x79, 0xc4, 0x0e, 0xf4, 0xf9, 0x54, 0x3d, 0x63, 0x07, 0xbe, 0x6d, 0xc1, 0xb8, - 0xf3, 0x56, 0x3b, 0x22, 0x4b, 0x64, 0x6f, 0x3d, 0x8c, 0x85, 0x80, 0x7d, 0x23, 0xff, 0x06, 0x2c, - 0x68, 0x26, 0x22, 0x4d, 0xae, 0x2e, 0xc0, 0x66, 0x13, 0x52, 0xb1, 0x02, 0x63, 0x79, 0xc4, 0x0a, - 0xf4, 0x6a, 0xce, 0xa1, 0xb1, 0x02, 0x2f, 0xc3, 0xa4, 0xdb, 0x0c, 0x7c, 0xb2, 0x11, 0x05, 0x49, - 0xe0, 0x06, 0x4d, 0xa1, 0x4c, 0x2b, 0x91, 0xb0, 0x68, 0x02, 0x71, 0x1a, 0xb7, 0x5f, 0xa0, 0x41, - 0xe5, 0xa8, 0x81, 0x06, 0xf0, 0x90, 0x02, 0x0d, 0xfe, 0xbc, 0x00, 0xb3, 0x87, 0x7c, 0x54, 0xf4, - 0x12, 0x4c, 0x04, 0x51, 0xc3, 0xf1, 0xbd, 0xb7, 0x78, 0x9c, 0x67, 0x29, 0x9d, 0x86, 0x63, 0xdd, - 0x80, 0xe1, 0x14, 0xa6, 0x74, 0x45, 0x1e, 0xed, 0xe3, 0x8a, 0xfc, 0x71, 0x18, 0x4f, 0x88, 0xd3, - 0x12, 0x7e, 0x17, 0xc2, 0x00, 0xd2, 0x17, 0x4a, 0x1a, 0x84, 0x4d, 0x3c, 0x3a, 0x8d, 0xa6, 0x1c, - 0xd7, 0x25, 0x71, 0x2c, 0x7d, 0x8d, 0xc5, 0xe1, 0x4c, 0x6e, 0x8e, 0xcc, 0xec, 0xcc, 0x6b, 0x21, - 0xc5, 0x02, 0x67, 0x58, 0xd2, 0xc6, 0x3b, 0xcd, 0x26, 0x0f, 0x2b, 0x20, 0xf2, 0xa5, 0x67, 0x9d, - 0x15, 0x42, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x66, 0x01, 0x9e, 0xba, 0xa7, 0x78, 0x19, 0xd8, 0x0d, - 0xbc, 0x1d, 0x93, 0x28, 0x7b, 0x21, 0x73, 0x3d, 0x26, 0x11, 0x66, 0x10, 0x3e, 0x4a, 0x61, 0x68, - 0x3c, 0x31, 0x93, 0x77, 0xd4, 0x01, 0x1f, 0xa5, 0x14, 0x0b, 0x9c, 0x61, 0x99, 0x1d, 0xa5, 0x91, - 0x01, 0x47, 0xe9, 0xef, 0x17, 0xe0, 0xe9, 0x01, 0x84, 0x70, 0x8e, 0xd1, 0x19, 0xe9, 0xe8, 0x96, - 0xe2, 0xc3, 0x89, 0x6e, 0xb9, 0xdf, 0xe1, 0x7a, 0xb7, 0x00, 0x67, 0xfb, 0xcb, 0x42, 0xf4, 0x33, - 0xd4, 0x88, 0x92, 0xce, 0x16, 0x66, 0x64, 0xcc, 0x29, 0x6e, 0x40, 0xa5, 0x40, 0x38, 0x8b, 0x8b, - 0xe6, 0x00, 0x42, 0x27, 0xd9, 0x89, 0x2f, 0xee, 0x7b, 0x71, 0x22, 0x62, 0x3a, 0xa7, 0xf8, 0x51, - 0xb8, 0x2c, 0xc5, 0x06, 0x06, 0x65, 0xc7, 0xfe, 0x2d, 0x05, 0xd7, 0x82, 0x84, 0x57, 0xe2, 0x7a, - 0xdc, 0x29, 0x99, 0x87, 0xd0, 0x00, 0xe1, 0x2c, 0x2e, 0x65, 0xc7, 0x2e, 0x5b, 0x78, 0x43, 0xc5, - 0x33, 0xf6, 0x94, 0xdd, 0xaa, 0x2a, 0xc5, 0x06, 0x46, 0x36, 0xe6, 0xa7, 0x34, 0x40, 0xcc, 0xcf, - 0x3f, 0x2e, 0xc0, 0x13, 0x7d, 0xf7, 0xd2, 0xc1, 0x16, 0xe0, 0xa3, 0x17, 0xec, 0x73, 0x7f, 0x73, - 0x67, 0xc8, 0x10, 0x96, 0x3f, 0xed, 0x33, 0xd3, 0x44, 0x08, 0x4b, 0x76, 0xab, 0xb0, 0x86, 0xdd, - 0x2a, 0x1e, 0xa1, 0xf1, 0xec, 0x8a, 0x5a, 0x19, 0x19, 0x22, 0x6a, 0x25, 0xf3, 0x31, 0x4a, 0x03, - 0x2e, 0xe4, 0xef, 0xf7, 0x1f, 0x5e, 0xaa, 0x7b, 0x0f, 0x74, 0x3c, 0xb5, 0x04, 0x27, 0x3d, 0x9f, - 0xe5, 0xa4, 0xdd, 0x6c, 0x6f, 0x8b, 0x88, 0xdf, 0x42, 0xfa, 0xb9, 0xa5, 0x95, 0x0c, 0x1c, 0x77, - 0xd5, 0x78, 0x04, 0xa3, 0x88, 0xee, 0x73, 0x48, 0x3f, 0x03, 0x15, 0x45, 0x9b, 0x7b, 0x46, 0xaa, - 0x0f, 0xda, 0xe5, 0x19, 0xa9, 0xbe, 0xa6, 0x81, 0x45, 0x47, 0x62, 0x97, 0x74, 0xb2, 0x33, 0xf3, - 0x2a, 0xe9, 0xb0, 0x5b, 0x52, 0xfb, 0x63, 0x30, 0xa1, 0x8c, 0xc8, 0x41, 0x73, 0xa6, 0xda, 0xef, - 0x8c, 0xc2, 0x64, 0x2a, 0xb3, 0x43, 0xea, 0xcc, 0xc6, 0x3a, 0xf4, 0xcc, 0x86, 0x79, 0xba, 0xb6, - 0x7d, 0x99, 0x95, 0xd8, 0xf0, 0x74, 0x6d, 0xfb, 0x04, 0x73, 0x18, 0x35, 0xdd, 0x6b, 0x51, 0x07, - 0xb7, 0x7d, 0xe1, 0x91, 0xa6, 0x4c, 0xf7, 0x25, 0x56, 0x8a, 0x05, 0x14, 0x7d, 0xd1, 0x82, 0x89, - 0x98, 0x1d, 0x08, 0xf2, 0x13, 0x2f, 0xf1, 0x41, 0xaf, 0xe4, 0xf1, 0xaa, 0xae, 0xc8, 0x62, 0xc2, - 0x2e, 0xb3, 0xcd, 0x12, 0x9c, 0xe2, 0x88, 0xbe, 0x62, 0x99, 0xef, 0x09, 0x8f, 0xe6, 0xe1, 0x49, - 0x99, 0x4d, 0x9c, 0xc1, 0x8f, 0x4a, 0xee, 0xfd, 0xac, 0xb0, 0x7e, 0x66, 0x7c, 0xec, 0xc1, 0x3d, - 0x33, 0xfe, 0x51, 0xa8, 0xb4, 0x1c, 0xdf, 0xab, 0x93, 0x38, 0xe1, 0x27, 0x44, 0x32, 0x9f, 0x8f, - 0x2c, 0xc4, 0x1a, 0x4e, 0x37, 0xbb, 0x98, 0x75, 0x2c, 0x31, 0x8e, 0x74, 0xd8, 0x66, 0xb7, 0xa9, - 0x8b, 0xb1, 0x89, 0x63, 0x9e, 0x3f, 0xc1, 0x43, 0x3d, 0x7f, 0x1a, 0x3f, 0xe4, 0xfc, 0xe9, 0x1f, - 0x5a, 0x70, 0xa6, 0xe7, 0x57, 0x7b, 0x74, 0x7d, 0x94, 0xec, 0xf7, 0x8b, 0x70, 0xaa, 0x47, 0x8a, - 0x16, 0xd4, 0x39, 0xb6, 0xf7, 0xb1, 0x45, 0x0e, 0x98, 0xc9, 0xbe, 0x93, 0x78, 0xb8, 0xd3, 0x5f, - 0x7d, 0x02, 0x5b, 0x7c, 0xb0, 0x27, 0xb0, 0xc6, 0xb4, 0x1c, 0x79, 0xa8, 0xd3, 0xb2, 0x74, 0xc8, - 0xb4, 0x7c, 0xbf, 0x08, 0xc6, 0x73, 0xf7, 0xe8, 0x0b, 0x66, 0xda, 0x24, 0x2b, 0xaf, 0x14, 0x3f, - 0x9c, 0xb8, 0x4a, 0xbb, 0xc4, 0x9b, 0xd3, 0x2b, 0x0b, 0x53, 0x56, 0x02, 0x14, 0x06, 0x90, 0x00, - 0x4d, 0x99, 0x9f, 0xaa, 0x98, 0x7f, 0x7e, 0xaa, 0x4a, 0x36, 0x37, 0x15, 0xfa, 0x5d, 0x0b, 0x66, - 0x5a, 0x7d, 0xf2, 0x28, 0xe6, 0x93, 0x36, 0xa0, 0x5f, 0x96, 0xc6, 0xea, 0x93, 0x77, 0x0e, 0x66, - 0xfb, 0xa6, 0xaf, 0xc4, 0x7d, 0x5b, 0x65, 0xff, 0x4d, 0x8b, 0xaf, 0xe2, 0xcc, 0x57, 0xd0, 0xdb, - 0xac, 0x75, 0x8f, 0x6d, 0xf6, 0x39, 0xf6, 0x02, 0x5b, 0xfd, 0x32, 0x71, 0x9a, 0x62, 0x3b, 0x36, - 0x1f, 0x53, 0x63, 0xe5, 0x58, 0x61, 0xb0, 0x37, 0x13, 0x9a, 0xcd, 0xe0, 0xf6, 0xc5, 0x56, 0x98, - 0x74, 0xc4, 0xc6, 0xac, 0xdf, 0x4c, 0x50, 0x10, 0x6c, 0x60, 0xd9, 0x7f, 0xbb, 0xc0, 0x67, 0xa0, - 0xb8, 0xa4, 0x7c, 0x29, 0x93, 0xa0, 0x7b, 0xf0, 0xfb, 0xbd, 0xcf, 0x03, 0xb8, 0xea, 0xf1, 0xa5, - 0x7c, 0x1e, 0xcf, 0xd7, 0x8f, 0x39, 0x99, 0x2f, 0xba, 0xcb, 0x32, 0x6c, 0xf0, 0x4b, 0x09, 0xa6, - 0xe2, 0xa1, 0x82, 0x29, 0xb5, 0x46, 0x47, 0x0e, 0x59, 0xa3, 0x7f, 0x6e, 0x41, 0x4a, 0xbd, 0x40, - 0x21, 0x94, 0x68, 0x73, 0x3b, 0xf9, 0xbc, 0x2b, 0x65, 0x92, 0xa6, 0x72, 0x46, 0x4c, 0x7b, 0xf6, - 0x13, 0x73, 0x46, 0xa8, 0x29, 0xee, 0x32, 0x0b, 0x79, 0xbc, 0x7d, 0x66, 0x32, 0xbc, 0x1c, 0x04, - 0xbb, 0xfc, 0x0a, 0x44, 0xdf, 0x8b, 0xda, 0x2f, 0xc1, 0x74, 0x57, 0xa3, 0x58, 0x2e, 0xde, 0x40, - 0x3e, 0xa6, 0x65, 0x4c, 0x57, 0x16, 0x50, 0x84, 0x39, 0xcc, 0x7e, 0xd7, 0x82, 0x93, 0x59, 0xf2, - 0xe8, 0x3b, 0x16, 0x4c, 0xc7, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0xca, 0xcf, 0xa7, 0x0b, 0x84, 0xbb, - 0x1b, 0x61, 0xff, 0x3f, 0x31, 0xf9, 0x6f, 0x7a, 0x7e, 0x2d, 0xb8, 0xad, 0x76, 0x79, 0xab, 0xef, - 0x2e, 0x4f, 0xd7, 0xa3, 0xbb, 0x43, 0x6a, 0xed, 0x66, 0x57, 0x24, 0xd3, 0xa6, 0x28, 0xc7, 0x0a, - 0x23, 0xf5, 0x72, 0x75, 0xf1, 0xd0, 0x97, 0xab, 0x5f, 0x84, 0x09, 0xf3, 0xc1, 0x38, 0x31, 0x2f, - 0x99, 0x76, 0x6b, 0xbe, 0x2d, 0x87, 0x53, 0x58, 0x99, 0x27, 0x83, 0x4b, 0x87, 0x3e, 0x19, 0xfc, - 0x2c, 0x94, 0xc5, 0xf3, 0xb7, 0xd2, 0x1b, 0x8e, 0x87, 0x49, 0x89, 0x32, 0xac, 0xa0, 0x54, 0x9a, - 0xb4, 0x1c, 0xbf, 0xed, 0x34, 0xe9, 0x08, 0x89, 0xd8, 0x4e, 0xb5, 0x0c, 0xd7, 0x14, 0x04, 0x1b, - 0x58, 0xb4, 0xc7, 0x89, 0xd7, 0x22, 0xaf, 0x05, 0xbe, 0xf4, 0x23, 0xd1, 0x07, 0xc4, 0xa2, 0x1c, - 0x2b, 0x0c, 0xfb, 0xbf, 0x5a, 0x90, 0x7d, 0xbb, 0x33, 0x75, 0x64, 0x60, 0x1d, 0x1a, 0x4f, 0x9a, - 0x8e, 0x46, 0x2b, 0x0c, 0x14, 0x8d, 0x66, 0x06, 0x8a, 0x15, 0xef, 0x19, 0x28, 0xf6, 0x13, 0xfa, - 0x45, 0x07, 0x1e, 0x51, 0x36, 0xde, 0xeb, 0x35, 0x07, 0x64, 0xc3, 0xa8, 0xeb, 0xa8, 0x8c, 0x03, - 0x13, 0x5c, 0x11, 0x5f, 0x5c, 0x60, 0x48, 0x02, 0x52, 0xdd, 0x7e, 0xef, 0x87, 0xe7, 0x3e, 0xf4, - 0xfd, 0x1f, 0x9e, 0xfb, 0xd0, 0x1f, 0xff, 0xf0, 0xdc, 0x87, 0xbe, 0x78, 0xe7, 0x9c, 0xf5, 0xde, - 0x9d, 0x73, 0xd6, 0xf7, 0xef, 0x9c, 0xb3, 0xfe, 0xf8, 0xce, 0x39, 0xeb, 0xfd, 0x3b, 0xe7, 0xac, - 0x6f, 0xff, 0xa7, 0x73, 0x1f, 0x7a, 0xad, 0xa7, 0xdf, 0x0f, 0xfd, 0xf1, 0xbc, 0x5b, 0x9b, 0xdf, - 0xbb, 0xc0, 0x5c, 0x4f, 0xe8, 0x6a, 0x98, 0x37, 0xa6, 0xc0, 0xbc, 0x5c, 0x0d, 0xff, 0x3f, 0x00, - 0x00, 0xff, 0xff, 0x1e, 0x5d, 0x63, 0x46, 0x8d, 0xc2, 0x00, 0x00, + 0x25, 0x95, 0xaa, 0xb8, 0x2a, 0x1f, 0x7f, 0x72, 0xe5, 0x1f, 0xae, 0xfe, 0xee, 0x99, 0xdd, 0x3d, + 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xc5, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xd7, 0xd3, 0xd3, 0xfd, 0xfa, + 0xbd, 0x7e, 0x1f, 0x0d, 0xcb, 0x0d, 0x2f, 0xd9, 0x6a, 0x6f, 0xce, 0xb8, 0x41, 0x6b, 0xd6, 0x89, + 0x1a, 0x41, 0x18, 0x05, 0xb7, 0xd8, 0x8f, 0xe7, 0xdd, 0xda, 0xec, 0xce, 0x85, 0xd9, 0x70, 0xbb, + 0x31, 0xeb, 0x84, 0x5e, 0x3c, 0xeb, 0x84, 0x61, 0xd3, 0x73, 0x9d, 0xc4, 0x0b, 0xfc, 0xd9, 0x9d, + 0x17, 0x9c, 0x66, 0xb8, 0xe5, 0xbc, 0x30, 0xdb, 0x20, 0x3e, 0x89, 0x9c, 0x84, 0xd4, 0x66, 0xc2, + 0x28, 0x48, 0x02, 0xf4, 0x53, 0x9a, 0xda, 0x8c, 0xa4, 0xc6, 0x7e, 0x7c, 0xce, 0xad, 0xcd, 0xec, + 0x5c, 0x98, 0x09, 0xb7, 0x1b, 0x33, 0x94, 0xda, 0x8c, 0x41, 0x6d, 0x46, 0x52, 0x3b, 0xfb, 0xbc, + 0xd1, 0x97, 0x46, 0xd0, 0x08, 0x66, 0x19, 0xd1, 0xcd, 0x76, 0x9d, 0xfd, 0x63, 0x7f, 0xd8, 0x2f, + 0xce, 0xec, 0xac, 0xbd, 0xfd, 0x52, 0x3c, 0xe3, 0x05, 0xb4, 0x7b, 0xb3, 0x6e, 0x10, 0x91, 0xd9, + 0x9d, 0xae, 0x0e, 0x9d, 0xbd, 0xac, 0x71, 0xc8, 0x6e, 0x42, 0xfc, 0xd8, 0x0b, 0xfc, 0xf8, 0x79, + 0xda, 0x05, 0x12, 0xed, 0x90, 0xc8, 0x7c, 0x3d, 0x03, 0xa1, 0x17, 0xa5, 0x17, 0x35, 0xa5, 0x96, + 0xe3, 0x6e, 0x79, 0x3e, 0x89, 0x3a, 0xfa, 0xf1, 0x16, 0x49, 0x9c, 0x5e, 0x4f, 0xcd, 0xf6, 0x7b, + 0x2a, 0x6a, 0xfb, 0x89, 0xd7, 0x22, 0x5d, 0x0f, 0x7c, 0x72, 0xbf, 0x07, 0x62, 0x77, 0x8b, 0xb4, + 0x9c, 0xae, 0xe7, 0x3e, 0xde, 0xef, 0xb9, 0x76, 0xe2, 0x35, 0x67, 0x3d, 0x3f, 0x89, 0x93, 0x28, + 0xfb, 0x90, 0xfd, 0x26, 0x8c, 0xcf, 0xdd, 0x5c, 0x9f, 0x6b, 0x27, 0x5b, 0xf3, 0x81, 0x5f, 0xf7, + 0x1a, 0xe8, 0x13, 0x30, 0xea, 0x36, 0xdb, 0x71, 0x42, 0xa2, 0x6b, 0x4e, 0x8b, 0x4c, 0x59, 0xe7, + 0xad, 0x67, 0x2b, 0xd5, 0x53, 0xef, 0xef, 0x4d, 0x3f, 0x72, 0x67, 0x6f, 0x7a, 0x74, 0x5e, 0x83, + 0xb0, 0x89, 0x87, 0x3e, 0x0a, 0x23, 0x51, 0xd0, 0x24, 0x73, 0xf8, 0xda, 0x54, 0x81, 0x3d, 0x72, + 0x42, 0x3c, 0x32, 0x82, 0x79, 0x33, 0x96, 0x70, 0xfb, 0x8f, 0x0a, 0x00, 0x73, 0x61, 0xb8, 0x16, + 0x05, 0xb7, 0x88, 0x9b, 0xa0, 0xcf, 0x43, 0x99, 0x0e, 0x5d, 0xcd, 0x49, 0x1c, 0xc6, 0x6d, 0xf4, + 0xc2, 0x5f, 0x9d, 0xe1, 0x6f, 0x32, 0x63, 0xbe, 0x89, 0x9e, 0x38, 0x14, 0x7b, 0x66, 0xe7, 0x85, + 0x99, 0xd5, 0x4d, 0xfa, 0xfc, 0x0a, 0x49, 0x9c, 0x2a, 0x12, 0xcc, 0x40, 0xb7, 0x61, 0x45, 0x15, + 0xf9, 0x30, 0x14, 0x87, 0xc4, 0x65, 0x1d, 0x1b, 0xbd, 0xb0, 0x3c, 0x73, 0x94, 0x19, 0x3a, 0xa3, + 0x7b, 0xbe, 0x1e, 0x12, 0xb7, 0x3a, 0x26, 0x38, 0x0f, 0xd1, 0x7f, 0x98, 0xf1, 0x41, 0x3b, 0x30, + 0x1c, 0x27, 0x4e, 0xd2, 0x8e, 0xa7, 0x8a, 0x8c, 0xe3, 0xb5, 0xdc, 0x38, 0x32, 0xaa, 0xd5, 0x09, + 0xc1, 0x73, 0x98, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x5f, 0x2c, 0x98, 0xd0, 0xc8, 0xcb, 0x5e, 0x9c, + 0xa0, 0x9f, 0xed, 0x1a, 0xdc, 0x99, 0xc1, 0x06, 0x97, 0x3e, 0xcd, 0x86, 0xf6, 0xa4, 0x60, 0x56, + 0x96, 0x2d, 0xc6, 0xc0, 0xb6, 0xa0, 0xe4, 0x25, 0xa4, 0x15, 0x4f, 0x15, 0xce, 0x17, 0x9f, 0x1d, + 0xbd, 0x70, 0x39, 0xaf, 0xf7, 0xac, 0x8e, 0x0b, 0xa6, 0xa5, 0x25, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, + 0xef, 0x8c, 0x99, 0xef, 0x47, 0x07, 0x1c, 0xbd, 0x00, 0xa3, 0x71, 0xd0, 0x8e, 0x5c, 0x82, 0x49, + 0x18, 0xc4, 0x53, 0xd6, 0xf9, 0x22, 0x9d, 0x7a, 0x74, 0xa6, 0xae, 0xeb, 0x66, 0x6c, 0xe2, 0xa0, + 0x6f, 0x5b, 0x30, 0x56, 0x23, 0x71, 0xe2, 0xf9, 0x8c, 0xbf, 0xec, 0xfc, 0xc6, 0x91, 0x3b, 0x2f, + 0x1b, 0x17, 0x34, 0xf1, 0xea, 0x69, 0xf1, 0x22, 0x63, 0x46, 0x63, 0x8c, 0x53, 0xfc, 0xe9, 0x8a, + 0xab, 0x91, 0xd8, 0x8d, 0xbc, 0x90, 0xfe, 0x67, 0x73, 0xc6, 0x58, 0x71, 0x0b, 0x1a, 0x84, 0x4d, + 0x3c, 0xe4, 0x43, 0x89, 0xae, 0xa8, 0x78, 0x6a, 0x88, 0xf5, 0x7f, 0xe9, 0x68, 0xfd, 0x17, 0x83, + 0x4a, 0x17, 0xab, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0x96, 0x05, 0x53, 0x62, 0xc5, + 0x63, 0xc2, 0x07, 0xf4, 0xe6, 0x96, 0x97, 0x90, 0xa6, 0x17, 0x27, 0x53, 0x25, 0xd6, 0x87, 0xd9, + 0xc1, 0xe6, 0xd6, 0x62, 0x14, 0xb4, 0xc3, 0xab, 0x9e, 0x5f, 0xab, 0x9e, 0x17, 0x9c, 0xa6, 0xe6, + 0xfb, 0x10, 0xc6, 0x7d, 0x59, 0xa2, 0x5f, 0xb1, 0xe0, 0xac, 0xef, 0xb4, 0x48, 0x1c, 0x3a, 0xf4, + 0xd3, 0x72, 0x70, 0xb5, 0xe9, 0xb8, 0xdb, 0xac, 0x47, 0xc3, 0x87, 0xeb, 0x91, 0x2d, 0x7a, 0x74, + 0xf6, 0x5a, 0x5f, 0xd2, 0xf8, 0x1e, 0x6c, 0xd1, 0x6f, 0x5a, 0x30, 0x19, 0x44, 0xe1, 0x96, 0xe3, + 0x93, 0x9a, 0x84, 0xc6, 0x53, 0x23, 0x6c, 0xe9, 0x7d, 0xf6, 0x68, 0x9f, 0x68, 0x35, 0x4b, 0x76, + 0x25, 0xf0, 0xbd, 0x24, 0x88, 0xd6, 0x49, 0x92, 0x78, 0x7e, 0x23, 0xae, 0x9e, 0xb9, 0xb3, 0x37, + 0x3d, 0xd9, 0x85, 0x85, 0xbb, 0xfb, 0x83, 0x7e, 0x0e, 0x46, 0xe3, 0x8e, 0xef, 0xde, 0xf4, 0xfc, + 0x5a, 0x70, 0x3b, 0x9e, 0x2a, 0xe7, 0xb1, 0x7c, 0xd7, 0x15, 0x41, 0xb1, 0x00, 0x35, 0x03, 0x6c, + 0x72, 0xeb, 0xfd, 0xe1, 0xf4, 0x54, 0xaa, 0xe4, 0xfd, 0xe1, 0xf4, 0x64, 0xba, 0x07, 0x5b, 0xf4, + 0xcb, 0x16, 0x8c, 0xc7, 0x5e, 0xc3, 0x77, 0x92, 0x76, 0x44, 0xae, 0x92, 0x4e, 0x3c, 0x05, 0xac, + 0x23, 0x57, 0x8e, 0x38, 0x2a, 0x06, 0xc9, 0xea, 0x19, 0xd1, 0xc7, 0x71, 0xb3, 0x35, 0xc6, 0x69, + 0xbe, 0xbd, 0x16, 0x9a, 0x9e, 0xd6, 0xa3, 0xf9, 0x2e, 0x34, 0x3d, 0xa9, 0xfb, 0xb2, 0x44, 0x3f, + 0x03, 0x27, 0x79, 0x93, 0x1a, 0xd9, 0x78, 0x6a, 0x8c, 0x09, 0xda, 0xd3, 0x77, 0xf6, 0xa6, 0x4f, + 0xae, 0x67, 0x60, 0xb8, 0x0b, 0x1b, 0xbd, 0x09, 0xd3, 0x21, 0x89, 0x5a, 0x5e, 0xb2, 0xea, 0x37, + 0x3b, 0x52, 0x7c, 0xbb, 0x41, 0x48, 0x6a, 0xa2, 0x3b, 0xf1, 0xd4, 0xf8, 0x79, 0xeb, 0xd9, 0x72, + 0xf5, 0x23, 0xa2, 0x9b, 0xd3, 0x6b, 0xf7, 0x46, 0xc7, 0xfb, 0xd1, 0xb3, 0xff, 0x5d, 0x01, 0x4e, + 0x66, 0x37, 0x4e, 0xf4, 0xdb, 0x16, 0x9c, 0xb8, 0x75, 0x3b, 0xd9, 0x08, 0xb6, 0x89, 0x1f, 0x57, + 0x3b, 0x54, 0xbc, 0xb1, 0x2d, 0x63, 0xf4, 0x82, 0x9b, 0xef, 0x16, 0x3d, 0x73, 0x25, 0xcd, 0xe5, + 0xa2, 0x9f, 0x44, 0x9d, 0xea, 0x63, 0xe2, 0xed, 0x4e, 0x5c, 0xb9, 0xb9, 0x61, 0x42, 0x71, 0xb6, + 0x53, 0x67, 0xbf, 0x61, 0xc1, 0xe9, 0x5e, 0x24, 0xd0, 0x49, 0x28, 0x6e, 0x93, 0x0e, 0xd7, 0xca, + 0x30, 0xfd, 0x89, 0xde, 0x80, 0xd2, 0x8e, 0xd3, 0x6c, 0x13, 0xa1, 0xdd, 0x2c, 0x1e, 0xed, 0x45, + 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x93, 0x85, 0x97, 0x2c, 0xfb, 0x3f, 0x14, 0x61, 0xd4, 0xd8, 0xdf, + 0xee, 0x83, 0xc6, 0x16, 0xa4, 0x34, 0xb6, 0x95, 0xdc, 0xb6, 0xe6, 0xbe, 0x2a, 0xdb, 0xed, 0x8c, + 0xca, 0xb6, 0x9a, 0x1f, 0xcb, 0x7b, 0xea, 0x6c, 0x28, 0x81, 0x4a, 0x10, 0x52, 0x8d, 0x9c, 0x6e, + 0xfd, 0x43, 0x79, 0x7c, 0xc2, 0x55, 0x49, 0xae, 0x3a, 0x7e, 0x67, 0x6f, 0xba, 0xa2, 0xfe, 0x62, + 0xcd, 0xc8, 0xfe, 0x81, 0x05, 0xa7, 0x8d, 0x3e, 0xce, 0x07, 0x7e, 0xcd, 0x63, 0x9f, 0xf6, 0x3c, + 0x0c, 0x25, 0x9d, 0x50, 0xaa, 0xfd, 0x6a, 0xa4, 0x36, 0x3a, 0x21, 0xc1, 0x0c, 0x42, 0x15, 0xfd, + 0x16, 0x89, 0x63, 0xa7, 0x41, 0xb2, 0x8a, 0xfe, 0x0a, 0x6f, 0xc6, 0x12, 0x8e, 0x22, 0x40, 0x4d, + 0x27, 0x4e, 0x36, 0x22, 0xc7, 0x8f, 0x19, 0xf9, 0x0d, 0xaf, 0x45, 0xc4, 0x00, 0xff, 0x95, 0xc1, + 0x66, 0x0c, 0x7d, 0xa2, 0xfa, 0xe8, 0x9d, 0xbd, 0x69, 0xb4, 0xdc, 0x45, 0x09, 0xf7, 0xa0, 0x6e, + 0xff, 0x8a, 0x05, 0x8f, 0xf6, 0xd6, 0xc5, 0xd0, 0x33, 0x30, 0xcc, 0x4d, 0x3e, 0xf1, 0x76, 0xfa, + 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x16, 0x2a, 0x6a, 0x9f, 0x10, 0xef, 0x38, 0x29, 0x50, 0x2b, + 0x7a, 0x73, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0xa1, 0xb9, 0xa9, 0x41, 0x63, 0x46, 0x12, 0x83, + 0xd8, 0x7f, 0x66, 0xc1, 0x09, 0xa3, 0x57, 0xf7, 0x41, 0x35, 0xf7, 0xd3, 0xaa, 0xf9, 0x52, 0x6e, + 0xf3, 0xb9, 0x8f, 0x6e, 0xfe, 0x2d, 0x0b, 0xce, 0x1a, 0x58, 0x2b, 0x4e, 0xe2, 0x6e, 0x5d, 0xdc, + 0x0d, 0x23, 0x12, 0x53, 0x73, 0x1a, 0x3d, 0x65, 0xc8, 0xad, 0xea, 0xa8, 0xa0, 0x50, 0xbc, 0x4a, + 0x3a, 0x5c, 0x88, 0x3d, 0x07, 0x65, 0x3e, 0x39, 0x83, 0x48, 0x8c, 0xb8, 0x7a, 0xb7, 0x55, 0xd1, + 0x8e, 0x15, 0x06, 0xb2, 0x61, 0x98, 0x09, 0x27, 0xba, 0x58, 0xe9, 0x36, 0x04, 0xf4, 0x23, 0xde, + 0x60, 0x2d, 0x58, 0x40, 0xec, 0xd5, 0x54, 0x77, 0xd6, 0x22, 0xc2, 0x3e, 0x6e, 0xed, 0x92, 0x47, + 0x9a, 0xb5, 0x98, 0x9a, 0x0d, 0x8e, 0xef, 0x07, 0x89, 0xb0, 0x00, 0x0c, 0xb3, 0x61, 0x4e, 0x37, + 0x63, 0x13, 0xc7, 0xbe, 0x53, 0x60, 0xc6, 0x87, 0x5a, 0xd6, 0xe4, 0x7e, 0x58, 0xae, 0x51, 0x4a, + 0x0e, 0xae, 0xe5, 0x27, 0x94, 0x48, 0x7f, 0xeb, 0xf5, 0xad, 0x8c, 0x28, 0xc4, 0xb9, 0x72, 0xbd, + 0xb7, 0x05, 0xfb, 0x7b, 0x05, 0x98, 0x4e, 0x3f, 0xd0, 0x25, 0x49, 0xa9, 0xb9, 0x64, 0x30, 0xca, + 0x1e, 0x50, 0x18, 0xf8, 0xd8, 0xc4, 0xeb, 0x23, 0x8c, 0x0a, 0xc7, 0x29, 0x8c, 0x4c, 0x59, 0x59, + 0xdc, 0x47, 0x56, 0x3e, 0xa3, 0x46, 0x7d, 0x28, 0x23, 0x9c, 0xd2, 0xfb, 0xc5, 0x79, 0x18, 0x8a, + 0x13, 0x12, 0x4e, 0x95, 0xd2, 0xb2, 0x66, 0x3d, 0x21, 0x21, 0x66, 0x10, 0xfb, 0x7f, 0x16, 0xe0, + 0xb1, 0xf4, 0x18, 0x6a, 0xf1, 0xfe, 0xa9, 0x94, 0x78, 0xff, 0x98, 0x29, 0xde, 0xef, 0xee, 0x4d, + 0x3f, 0xd1, 0xe7, 0xb1, 0x1f, 0x19, 0xe9, 0x8f, 0x16, 0x33, 0xa3, 0x38, 0x9b, 0x1e, 0xc5, 0xbb, + 0x7b, 0xd3, 0x4f, 0xf5, 0x79, 0xc7, 0xcc, 0x30, 0x3f, 0x03, 0xc3, 0x11, 0x71, 0xe2, 0xc0, 0x17, + 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0x3f, 0x2b, 0x67, 0x07, 0x7b, 0x91, 0x1f, + 0xb0, 0x05, 0x11, 0xf2, 0x60, 0x88, 0xa9, 0xec, 0x5c, 0x34, 0x5c, 0x3d, 0xda, 0x32, 0xa2, 0x22, + 0x5e, 0x91, 0xae, 0x96, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0xbb, 0x50, 0x76, 0xa5, 0x26, + 0x5d, 0xc8, 0xe3, 0xcc, 0x49, 0xe8, 0xd1, 0x9a, 0xe3, 0x18, 0x95, 0xc5, 0x4a, 0xfd, 0x56, 0xdc, + 0x10, 0x81, 0x62, 0xc3, 0x4b, 0xc4, 0x67, 0x3d, 0xa2, 0xad, 0xb4, 0xe8, 0x19, 0xaf, 0x38, 0x42, + 0x37, 0x88, 0x45, 0x2f, 0xc1, 0x94, 0x3e, 0xfa, 0x9a, 0x05, 0xa3, 0xb1, 0xdb, 0x5a, 0x8b, 0x82, + 0x1d, 0xaf, 0x46, 0x22, 0xa1, 0x29, 0x1d, 0x51, 0x34, 0xad, 0xcf, 0xaf, 0x48, 0x82, 0x9a, 0x2f, + 0xb7, 0x5d, 0x35, 0x04, 0x9b, 0x7c, 0xa9, 0x05, 0xf1, 0x98, 0x78, 0xf7, 0x05, 0xe2, 0x7a, 0x74, + 0x6f, 0x93, 0x06, 0x13, 0x9b, 0x29, 0x47, 0xd6, 0x1c, 0x17, 0xda, 0xee, 0x36, 0x5d, 0x6f, 0xba, + 0x43, 0x4f, 0xdc, 0xd9, 0x9b, 0x7e, 0x6c, 0xbe, 0x37, 0x4f, 0xdc, 0xaf, 0x33, 0x6c, 0xc0, 0xc2, + 0x76, 0xb3, 0x89, 0xc9, 0x9b, 0x6d, 0xc2, 0x8e, 0x43, 0x72, 0x18, 0xb0, 0x35, 0x4d, 0x30, 0x33, + 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0x9b, 0x30, 0xdc, 0x72, 0x92, 0xc8, 0xdb, 0x15, 0x67, 0x20, + 0x47, 0xd4, 0xe5, 0x57, 0x18, 0x2d, 0xcd, 0x9c, 0x6d, 0xfd, 0xbc, 0x11, 0x0b, 0x46, 0xa8, 0x05, + 0xa5, 0x16, 0x89, 0x1a, 0x64, 0xaa, 0x9c, 0xc7, 0x79, 0xef, 0x0a, 0x25, 0xa5, 0x19, 0x56, 0xa8, + 0xe6, 0xc3, 0xda, 0x30, 0xe7, 0x82, 0xde, 0x80, 0x72, 0x4c, 0x9a, 0xc4, 0xa5, 0xba, 0x4b, 0x85, + 0x71, 0xfc, 0xf8, 0x80, 0x7a, 0x9c, 0xb3, 0x49, 0x9a, 0xeb, 0xe2, 0x51, 0xbe, 0xc0, 0xe4, 0x3f, + 0xac, 0x48, 0xda, 0xff, 0xcd, 0x02, 0x94, 0x96, 0x30, 0xf7, 0x41, 0x7b, 0x7c, 0x33, 0xad, 0x3d, + 0x2e, 0xe7, 0xa9, 0x02, 0xf4, 0x51, 0x20, 0xdf, 0x2f, 0x43, 0x46, 0x36, 0x5f, 0x23, 0x71, 0x42, + 0x6a, 0x1f, 0xca, 0xd3, 0x0f, 0xe5, 0xe9, 0x87, 0xf2, 0x54, 0xc9, 0xd3, 0xcd, 0x8c, 0x3c, 0x7d, + 0xc5, 0x58, 0xf5, 0xda, 0x7b, 0xf9, 0x39, 0xe5, 0xde, 0x34, 0x7b, 0x60, 0x20, 0x50, 0x49, 0x70, + 0x65, 0x7d, 0xf5, 0x5a, 0x4f, 0x01, 0xfa, 0xb9, 0xb4, 0x00, 0x3d, 0x2a, 0x8b, 0xfb, 0x2e, 0x32, + 0xff, 0x76, 0x01, 0x1e, 0x4f, 0x8b, 0x12, 0x1c, 0x34, 0x9b, 0x41, 0x3b, 0xa1, 0x5a, 0x32, 0xfa, + 0x75, 0x0b, 0x4e, 0xb6, 0xd2, 0xe6, 0x69, 0x2c, 0x4e, 0x01, 0x3f, 0x9d, 0x9b, 0x9c, 0xcb, 0xd8, + 0xbf, 0xd5, 0x29, 0x21, 0xf3, 0x4e, 0x66, 0x00, 0x31, 0xee, 0xea, 0x0b, 0x7a, 0x03, 0x2a, 0x2d, + 0x67, 0xf7, 0x7a, 0x58, 0x73, 0x12, 0x69, 0xa0, 0xf4, 0xb7, 0x2b, 0xdb, 0x89, 0xd7, 0x9c, 0xe1, + 0xbe, 0xdd, 0x99, 0x25, 0x3f, 0x59, 0x8d, 0xd6, 0x93, 0xc8, 0xf3, 0x1b, 0xfc, 0xec, 0x67, 0x45, + 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x77, 0xad, 0xac, 0xa0, 0x55, 0xa3, 0x13, 0x39, 0x09, 0x69, 0x74, + 0xd0, 0x17, 0xa0, 0x44, 0x2d, 0x09, 0x39, 0x2a, 0x37, 0xf3, 0x94, 0xfe, 0xc6, 0x97, 0xd0, 0x1b, + 0x01, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0x8b, 0x52, 0x76, 0xc3, 0x63, 0x9e, 0xbe, 0x0b, 0x00, + 0x8d, 0x60, 0x83, 0xb4, 0xc2, 0x26, 0x1d, 0x16, 0x8b, 0x1d, 0x17, 0x2b, 0xe3, 0x79, 0x51, 0x41, + 0xb0, 0x81, 0x85, 0xfe, 0x86, 0x05, 0xd0, 0x90, 0x0b, 0x4b, 0x6e, 0x66, 0xd7, 0xf3, 0x7c, 0x1d, + 0xbd, 0x6c, 0x75, 0x5f, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x5f, 0xb1, 0xa0, 0x9c, 0xc8, 0xee, 0x73, + 0xf1, 0xbe, 0x91, 0x67, 0x4f, 0xe4, 0x4b, 0xeb, 0x7d, 0x5d, 0x0d, 0x89, 0xe2, 0x8b, 0x7e, 0xc9, + 0x02, 0x88, 0x3b, 0xbe, 0xbb, 0x16, 0x34, 0x3d, 0xb7, 0x23, 0xa4, 0xfe, 0x8d, 0x5c, 0x0d, 0x7c, + 0x45, 0xbd, 0x3a, 0x41, 0x47, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x45, 0x28, 0xc7, 0x62, 0xba, + 0x09, 0x39, 0xbf, 0x91, 0xef, 0x31, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xf4, + 0xab, 0x16, 0x9c, 0x08, 0xd3, 0x87, 0x42, 0x42, 0xa4, 0xe7, 0x27, 0x03, 0x32, 0x87, 0x4e, 0xd5, + 0x53, 0x77, 0xf6, 0xa6, 0x4f, 0x64, 0x1a, 0x71, 0xb6, 0x17, 0xf6, 0xf7, 0x0a, 0xa9, 0xa3, 0x59, + 0x75, 0x66, 0xc2, 0x26, 0xb3, 0x2b, 0xcd, 0x55, 0xb9, 0x36, 0x73, 0x9d, 0xcc, 0xca, 0x18, 0xd6, + 0x93, 0x59, 0x35, 0xc5, 0xd8, 0x60, 0x4e, 0xb7, 0xed, 0x49, 0x27, 0x7b, 0x32, 0x23, 0xd6, 0xd7, + 0x1b, 0x79, 0x76, 0xa9, 0xfb, 0x20, 0xfd, 0x71, 0xd1, 0xb5, 0xc9, 0x2e, 0x10, 0xee, 0xee, 0x92, + 0xfd, 0xbd, 0xf4, 0x71, 0xb0, 0x31, 0x35, 0x06, 0x38, 0xea, 0xfe, 0xb6, 0x05, 0xa3, 0x51, 0xd0, + 0x6c, 0x7a, 0x7e, 0x83, 0x4e, 0x63, 0x21, 0x8b, 0x5f, 0x3f, 0x16, 0x71, 0x28, 0xe6, 0x2b, 0xdb, + 0xfc, 0xb1, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0x5f, 0xb6, 0x60, 0xaa, 0xdf, 0x72, 0x43, 0x04, 0x9e, + 0x90, 0x73, 0x49, 0x39, 0x7a, 0x57, 0xfd, 0x05, 0xd2, 0x24, 0xea, 0x9c, 0xac, 0x5c, 0x7d, 0x5a, + 0xbc, 0xe6, 0x13, 0x6b, 0xfd, 0x51, 0xf1, 0xbd, 0xe8, 0xd8, 0xbf, 0x55, 0xc8, 0x8e, 0xa8, 0x12, + 0xb7, 0xdf, 0xb5, 0xba, 0x8c, 0x92, 0x4f, 0x1f, 0x87, 0x88, 0x63, 0xe6, 0x8b, 0xf2, 0xf7, 0xf6, + 0xc7, 0x79, 0x80, 0x0e, 0x25, 0xfb, 0xdf, 0x0f, 0xc1, 0x3d, 0x7a, 0xa6, 0x5c, 0x06, 0x56, 0x3f, + 0x97, 0xc1, 0xc1, 0xbd, 0x10, 0xdf, 0xb4, 0x60, 0xb8, 0x49, 0xf5, 0x23, 0x7e, 0x2c, 0x3e, 0x7a, + 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x3b, 0x35, 0xd5, 0xc9, 0x18, 0x6f, 0xc4, 0xa2, + 0x0f, 0xe8, 0x5d, 0x2b, 0x7d, 0xc6, 0xce, 0xa3, 0x54, 0xbc, 0x63, 0xeb, 0x93, 0x71, 0x70, 0xcf, + 0x3b, 0xa6, 0x8f, 0x84, 0xfb, 0x1c, 0xe9, 0xa3, 0x19, 0x80, 0xba, 0xe7, 0x3b, 0x4d, 0xef, 0x2d, + 0x6a, 0xe7, 0x95, 0x98, 0x13, 0x80, 0x6d, 0x5a, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xce, 0xfe, 0x75, + 0x18, 0x35, 0xde, 0xbc, 0x87, 0x2f, 0xf6, 0xb4, 0xe9, 0x8b, 0xad, 0x18, 0x2e, 0xd4, 0xb3, 0xaf, + 0xc0, 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0xdb, 0xc3, 0xd9, 0x83, 0xf1, 0x0d, 0x12, 0xb5, + 0x68, 0xd7, 0x3e, 0xb4, 0x8f, 0x3f, 0xb4, 0x8f, 0x3f, 0xb4, 0x8f, 0xe5, 0x1f, 0xfb, 0x4e, 0x09, + 0x52, 0x9a, 0x01, 0xef, 0xdd, 0x47, 0x61, 0x24, 0x22, 0x61, 0x70, 0x1d, 0x2f, 0x0b, 0x89, 0xab, + 0xa3, 0x53, 0x79, 0x33, 0x96, 0x70, 0x2a, 0x99, 0x43, 0x27, 0xd9, 0x12, 0x22, 0x57, 0x49, 0xe6, + 0x35, 0x27, 0xd9, 0xc2, 0x0c, 0x82, 0x5e, 0x81, 0x89, 0xc4, 0x89, 0x1a, 0x24, 0xc1, 0x64, 0x87, + 0x0d, 0x82, 0x70, 0x36, 0x3c, 0x2a, 0x70, 0x27, 0x36, 0x52, 0x50, 0x9c, 0xc1, 0x46, 0x6f, 0xc2, + 0xd0, 0x16, 0x69, 0xb6, 0x84, 0x01, 0xbf, 0x9e, 0x9f, 0x44, 0x64, 0xef, 0x7a, 0x99, 0x34, 0x5b, + 0x7c, 0xbd, 0xd2, 0x5f, 0x98, 0xb1, 0xa2, 0x5f, 0xa7, 0xb2, 0xdd, 0x8e, 0x93, 0xa0, 0xe5, 0xbd, + 0x25, 0xcd, 0xfa, 0x4f, 0xe7, 0xcc, 0xf8, 0xaa, 0xa4, 0xcf, 0x6d, 0x4f, 0xf5, 0x17, 0x6b, 0xce, + 0xac, 0x1f, 0x35, 0x2f, 0x62, 0x66, 0x7a, 0x67, 0x0a, 0x8e, 0xa5, 0x1f, 0x0b, 0x92, 0x3e, 0xef, + 0x87, 0xfa, 0x8b, 0x35, 0x67, 0xd4, 0x81, 0xe1, 0xb0, 0xd9, 0x6e, 0x78, 0xfe, 0xd4, 0x28, 0xeb, + 0xc3, 0xf5, 0x9c, 0xfb, 0xb0, 0xc6, 0x88, 0xf3, 0xc3, 0x15, 0xfe, 0x1b, 0x0b, 0x86, 0xe8, 0x69, + 0x28, 0xb9, 0x5b, 0x4e, 0x94, 0x4c, 0x8d, 0xb1, 0x49, 0xa3, 0x6c, 0xe0, 0x79, 0xda, 0x88, 0x39, + 0x0c, 0x3d, 0x05, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0xe1, 0x2e, 0xc7, 0xa4, 0x8e, 0x69, 0xbb, + 0xfd, 0xf7, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, 0x76, 0xb2, + 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x65, 0x0b, 0x46, 0x6e, 0xc5, 0x81, 0xef, 0x93, 0x44, + 0x08, 0xf2, 0x1b, 0x39, 0x0f, 0xc5, 0x15, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x76, + 0x97, 0xec, 0xba, 0xcd, 0x76, 0xad, 0xcb, 0x4b, 0x7a, 0x91, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9e, + 0xcf, 0x51, 0x87, 0xd2, 0xa8, 0x4b, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0x77, 0x4b, 0x70, 0xa6, 0xe7, + 0xe2, 0xa0, 0xdb, 0x3e, 0xdb, 0x58, 0x2f, 0x79, 0x4d, 0x22, 0x7d, 0xff, 0x6c, 0xdb, 0xbf, 0xa1, + 0x5a, 0xb1, 0x81, 0x81, 0x7e, 0x01, 0x20, 0x74, 0x22, 0xa7, 0x45, 0xc4, 0x76, 0x57, 0x3c, 0xfa, + 0xee, 0x4a, 0xfb, 0xb1, 0x26, 0x69, 0x6a, 0x6b, 0x4b, 0x35, 0xc5, 0xd8, 0x60, 0x89, 0x3e, 0x01, + 0xa3, 0x11, 0x69, 0x12, 0x27, 0x66, 0x31, 0x75, 0xd9, 0x00, 0x61, 0xac, 0x41, 0xd8, 0xc4, 0x43, + 0xcf, 0xa8, 0x30, 0x89, 0x8c, 0x4b, 0x39, 0x1d, 0x2a, 0x81, 0xde, 0xb6, 0x60, 0xa2, 0xee, 0x35, + 0x89, 0xe6, 0x2e, 0xc2, 0x79, 0x57, 0x8f, 0xfe, 0x92, 0x97, 0x4c, 0xba, 0x5a, 0x42, 0xa6, 0x9a, + 0x63, 0x9c, 0x61, 0x4f, 0x3f, 0xf3, 0x0e, 0x89, 0x98, 0x68, 0x1d, 0x4e, 0x7f, 0xe6, 0x1b, 0xbc, + 0x19, 0x4b, 0x38, 0x9a, 0x83, 0x13, 0xa1, 0x13, 0xc7, 0xf3, 0x11, 0xa9, 0x11, 0x3f, 0xf1, 0x9c, + 0x26, 0x0f, 0xb6, 0x2d, 0xeb, 0x60, 0xbb, 0xb5, 0x34, 0x18, 0x67, 0xf1, 0xd1, 0x67, 0xe0, 0x31, + 0xaf, 0xe1, 0x07, 0x11, 0x59, 0xf1, 0xe2, 0xd8, 0xf3, 0x1b, 0x7a, 0x1a, 0x30, 0x49, 0x59, 0xae, + 0x4e, 0x0b, 0x52, 0x8f, 0x2d, 0xf5, 0x46, 0xc3, 0xfd, 0x9e, 0x47, 0xcf, 0x41, 0x39, 0xde, 0xf6, + 0xc2, 0xf9, 0xa8, 0x16, 0xb3, 0x83, 0xce, 0xb2, 0x3e, 0x9d, 0x59, 0x17, 0xed, 0x58, 0x61, 0xd8, + 0xbf, 0x56, 0x48, 0x9b, 0x77, 0xe6, 0xfa, 0x41, 0x31, 0x5d, 0x25, 0xc9, 0x0d, 0x27, 0x92, 0xa6, + 0xff, 0x11, 0xc3, 0x75, 0x05, 0xdd, 0x1b, 0x4e, 0x64, 0xae, 0x37, 0xc6, 0x00, 0x4b, 0x4e, 0xe8, + 0x16, 0x0c, 0x25, 0x4d, 0x27, 0xa7, 0xf8, 0x7e, 0x83, 0xa3, 0xb6, 0xb6, 0x97, 0xe7, 0x62, 0xcc, + 0x78, 0xa0, 0x27, 0xa9, 0xfa, 0xba, 0x29, 0x63, 0x7a, 0x84, 0xc6, 0xb9, 0x19, 0x63, 0xd6, 0x6a, + 0xbf, 0x3b, 0xd2, 0x43, 0xe4, 0xa9, 0x3d, 0x06, 0x5d, 0x00, 0xa0, 0x96, 0xd0, 0x5a, 0x44, 0xea, + 0xde, 0xae, 0xd8, 0xe3, 0xd5, 0xb2, 0xba, 0xa6, 0x20, 0xd8, 0xc0, 0x92, 0xcf, 0xac, 0xb7, 0xeb, + 0xf4, 0x99, 0x42, 0xf7, 0x33, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x22, 0x0c, 0x7b, 0x2d, 0xa7, 0xa1, + 0x42, 0x8f, 0x9e, 0xa4, 0xeb, 0x69, 0x89, 0xb5, 0xdc, 0xdd, 0x9b, 0x9e, 0x50, 0x1d, 0x62, 0x4d, + 0x58, 0xe0, 0xa2, 0xdf, 0xb2, 0x60, 0xcc, 0x0d, 0x5a, 0xad, 0xc0, 0xe7, 0xf6, 0x83, 0x30, 0x86, + 0x6e, 0x1d, 0xd7, 0x0e, 0x3c, 0x33, 0x6f, 0x30, 0xe3, 0xd6, 0x90, 0x4a, 0x44, 0x30, 0x41, 0x38, + 0xd5, 0x2b, 0x73, 0xd9, 0x95, 0xf6, 0x59, 0x76, 0xff, 0xdc, 0x82, 0x49, 0xfe, 0xac, 0x61, 0xd6, + 0x88, 0x98, 0xfb, 0xe0, 0x98, 0x5f, 0xab, 0xcb, 0xd2, 0x53, 0x47, 0x42, 0x5d, 0x70, 0xdc, 0xdd, + 0x49, 0xb4, 0x08, 0x93, 0xf5, 0x20, 0x72, 0x89, 0x39, 0x10, 0x42, 0x66, 0x28, 0x42, 0x97, 0xb2, + 0x08, 0xb8, 0xfb, 0x19, 0x74, 0x03, 0x1e, 0x35, 0x1a, 0xcd, 0x71, 0xe0, 0x62, 0xe3, 0x9c, 0xa0, + 0xf6, 0xe8, 0xa5, 0x9e, 0x58, 0xb8, 0xcf, 0xd3, 0x69, 0xcb, 0xbf, 0xb2, 0xbf, 0xe5, 0x7f, 0xf6, + 0x53, 0x30, 0xd9, 0xf5, 0xc1, 0x0f, 0x64, 0x9d, 0x2e, 0xc0, 0xa3, 0xbd, 0x87, 0xf6, 0x40, 0x36, + 0xea, 0x3f, 0xcd, 0x04, 0x1e, 0x19, 0x9a, 0xd0, 0x00, 0xe7, 0x1d, 0x0e, 0x14, 0x89, 0xbf, 0x23, + 0x24, 0xcd, 0xa5, 0xa3, 0x4d, 0xa1, 0x8b, 0xfe, 0x0e, 0x9f, 0x19, 0xcc, 0xa8, 0xbb, 0xe8, 0xef, + 0x60, 0x4a, 0x1b, 0xbd, 0x63, 0xa5, 0x76, 0x72, 0x7e, 0x4a, 0xf2, 0xd9, 0x63, 0x51, 0xfd, 0x06, + 0xde, 0xdc, 0xed, 0xef, 0x15, 0xe0, 0xfc, 0x7e, 0x44, 0x06, 0x18, 0xbe, 0xa7, 0x61, 0x38, 0x66, + 0x9e, 0x1f, 0xb1, 0x74, 0x47, 0xe9, 0xb2, 0xe5, 0xbe, 0xa0, 0xcf, 0x61, 0x01, 0x42, 0xbf, 0x64, + 0x41, 0xb1, 0xe5, 0x84, 0xe2, 0xcd, 0x1b, 0xc7, 0xfb, 0xe6, 0x33, 0x2b, 0x4e, 0xc8, 0xbf, 0x82, + 0x52, 0x60, 0x57, 0x9c, 0x10, 0xd3, 0x0e, 0xa0, 0x69, 0x28, 0x39, 0x51, 0xe4, 0x74, 0x98, 0x20, + 0xac, 0x70, 0x0f, 0xe1, 0x1c, 0x6d, 0xc0, 0xbc, 0xfd, 0xec, 0x27, 0xa1, 0x2c, 0x1f, 0x3f, 0xd0, + 0x1c, 0xfc, 0xe6, 0x48, 0x2a, 0xd0, 0x96, 0x79, 0x8e, 0x62, 0x18, 0x16, 0x16, 0xb3, 0x95, 0x77, + 0x6c, 0x37, 0xcf, 0x94, 0x60, 0x6a, 0xbe, 0xc8, 0x37, 0x13, 0xac, 0xd0, 0x37, 0x2c, 0x96, 0xd5, + 0x25, 0x83, 0x8f, 0x85, 0x72, 0x7d, 0x3c, 0x49, 0x66, 0x66, 0xae, 0x98, 0x6c, 0xc4, 0x26, 0x77, + 0x2a, 0xd9, 0x43, 0x9e, 0x9f, 0x90, 0x55, 0xb1, 0x65, 0xde, 0x97, 0x84, 0xa3, 0xdd, 0x1e, 0x1e, + 0xa2, 0x1c, 0x32, 0x83, 0x06, 0xf0, 0x09, 0xbd, 0x6b, 0xc1, 0x24, 0x57, 0xa4, 0x16, 0xbc, 0x7a, + 0x9d, 0x44, 0xc4, 0x77, 0x89, 0x54, 0x45, 0x8f, 0xe8, 0x83, 0x94, 0xc7, 0x14, 0x4b, 0x59, 0xf2, + 0x5a, 0xe4, 0x77, 0x81, 0x70, 0x77, 0x67, 0x50, 0x0d, 0x86, 0x3c, 0xbf, 0x1e, 0x88, 0x8d, 0xae, + 0x7a, 0xb4, 0x4e, 0x2d, 0xf9, 0xf5, 0x40, 0xaf, 0x65, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x19, 0x4e, + 0x47, 0xe2, 0xb0, 0xe0, 0xb2, 0x17, 0x53, 0x93, 0x6e, 0xd9, 0x6b, 0x79, 0x09, 0xdb, 0xa4, 0x8a, + 0xd5, 0xa9, 0x3b, 0x7b, 0xd3, 0xa7, 0x71, 0x0f, 0x38, 0xee, 0xf9, 0x14, 0x7a, 0x0b, 0x46, 0x64, + 0x1a, 0x5a, 0x39, 0x0f, 0xb5, 0xbe, 0x7b, 0xfe, 0xab, 0xc9, 0xb4, 0x2e, 0x32, 0xce, 0x24, 0x43, + 0xfb, 0xdf, 0x00, 0x74, 0xfb, 0x69, 0xd0, 0xcf, 0x43, 0x25, 0x52, 0xa9, 0x71, 0x56, 0x1e, 0x11, + 0x46, 0xf2, 0xfb, 0x0a, 0x1f, 0x91, 0xda, 0x2e, 0x75, 0x12, 0x9c, 0xe6, 0x48, 0x95, 0xda, 0x58, + 0xbb, 0x73, 0x72, 0x98, 0xdb, 0x82, 0xab, 0x76, 0x03, 0x74, 0x7c, 0x17, 0x33, 0x1e, 0x28, 0x82, + 0xe1, 0x2d, 0xe2, 0x34, 0x93, 0xad, 0x7c, 0x4e, 0x2c, 0x2f, 0x33, 0x5a, 0xd9, 0x20, 0x6a, 0xde, + 0x8a, 0x05, 0x27, 0xb4, 0x0b, 0x23, 0x5b, 0x7c, 0x02, 0x08, 0x3d, 0x73, 0xe5, 0xa8, 0x83, 0x9b, + 0x9a, 0x55, 0xfa, 0x73, 0x8b, 0x06, 0x2c, 0xd9, 0x31, 0xf7, 0xb2, 0xe1, 0xa2, 0xe4, 0x4b, 0x37, + 0xbf, 0xf8, 0xf1, 0xc1, 0xfd, 0x93, 0x9f, 0x87, 0xb1, 0x88, 0xb8, 0x81, 0xef, 0x7a, 0x4d, 0x52, + 0x9b, 0x93, 0xa7, 0x91, 0x07, 0x89, 0x3a, 0x3e, 0x49, 0x75, 0x65, 0x6c, 0xd0, 0xc0, 0x29, 0x8a, + 0xe8, 0xeb, 0x16, 0x4c, 0xa8, 0x7c, 0x1a, 0xfa, 0x41, 0x88, 0x38, 0xcf, 0x5b, 0xce, 0x29, 0x7b, + 0x87, 0xd1, 0xac, 0x22, 0x6a, 0x2d, 0xa7, 0xdb, 0x70, 0x86, 0x2f, 0x7a, 0x0d, 0x20, 0xd8, 0xe4, + 0x3e, 0xe4, 0xb9, 0x44, 0x1c, 0xee, 0x1d, 0xe4, 0x55, 0x27, 0x78, 0xfa, 0x81, 0xa4, 0x80, 0x0d, + 0x6a, 0xe8, 0x2a, 0x00, 0x5f, 0x36, 0x1b, 0x9d, 0x50, 0x2a, 0xa3, 0x32, 0x6c, 0x1c, 0xd6, 0x15, + 0xe4, 0xee, 0xde, 0x74, 0xf7, 0x61, 0x0b, 0xf3, 0xa4, 0x1a, 0x8f, 0xa3, 0x9f, 0x83, 0x91, 0xb8, + 0xdd, 0x6a, 0x39, 0xea, 0xe8, 0x2f, 0xc7, 0x84, 0x06, 0x4e, 0xd7, 0x10, 0x45, 0xbc, 0x01, 0x4b, + 0x8e, 0xe8, 0x16, 0x15, 0xaa, 0xb1, 0x38, 0x05, 0x62, 0xab, 0x88, 0xeb, 0x04, 0xa3, 0xec, 0x9d, + 0x3e, 0x29, 0x9e, 0x3b, 0x8d, 0x7b, 0xe0, 0xdc, 0xdd, 0x9b, 0x7e, 0x34, 0xdd, 0xbe, 0x1c, 0x88, + 0x14, 0x83, 0x9e, 0x34, 0xd1, 0x15, 0x99, 0x95, 0x4e, 0x5f, 0x5b, 0x26, 0x4b, 0x3e, 0xab, 0xb3, + 0xd2, 0x59, 0x73, 0xff, 0x31, 0x33, 0x1f, 0xb6, 0xfd, 0x74, 0x34, 0x8c, 0x78, 0x9b, 0x17, 0x61, + 0x8c, 0xec, 0x26, 0x24, 0xf2, 0x9d, 0xe6, 0x75, 0xbc, 0x2c, 0x4f, 0xb1, 0xd8, 0xa4, 0xbd, 0x68, + 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, 0xf5, 0x5a, 0xd0, 0x89, 0x33, 0xdc, 0x7a, 0x95, 0xb6, 0xaa, + 0xfd, 0xff, 0x0b, 0x29, 0x0d, 0x6a, 0x23, 0x22, 0x04, 0x05, 0x50, 0xf2, 0x83, 0x9a, 0x12, 0xd6, + 0x57, 0xf2, 0x11, 0xd6, 0xd7, 0x82, 0x9a, 0x91, 0x6b, 0x4e, 0xff, 0xc5, 0x98, 0xf3, 0x61, 0xc9, + 0xb8, 0x32, 0x6b, 0x99, 0x01, 0x84, 0x5d, 0x90, 0x27, 0x67, 0x95, 0x8c, 0xbb, 0x6a, 0x32, 0xc2, + 0x69, 0xbe, 0x68, 0x1b, 0x4a, 0x5b, 0x41, 0x9c, 0x48, 0x6b, 0xe1, 0x88, 0x86, 0xc9, 0xe5, 0x20, + 0x4e, 0xd8, 0xb6, 0xaf, 0x5e, 0x9b, 0xb6, 0xc4, 0x98, 0xf3, 0xb0, 0xff, 0xbb, 0x95, 0x3a, 0xb3, + 0xbc, 0xc9, 0x22, 0xc3, 0x76, 0x88, 0x4f, 0xd7, 0xa1, 0x19, 0xac, 0xf0, 0xd7, 0x32, 0x89, 0x1b, + 0x1f, 0xe9, 0x57, 0xf9, 0xe3, 0x36, 0xa5, 0x30, 0xc3, 0x48, 0x18, 0x71, 0x0d, 0x5f, 0xb2, 0xd2, + 0x29, 0x34, 0x7c, 0x23, 0xcc, 0x31, 0x45, 0x6c, 0xdf, 0x6c, 0x1c, 0xfb, 0x1d, 0x0b, 0x46, 0xaa, + 0x8e, 0xbb, 0x1d, 0xd4, 0xeb, 0xe8, 0x39, 0x28, 0xd7, 0xda, 0x91, 0x99, 0xcd, 0xa3, 0x0e, 0xc9, + 0x16, 0x44, 0x3b, 0x56, 0x18, 0x74, 0x0e, 0xd7, 0x1d, 0x57, 0x26, 0x8a, 0x15, 0xf9, 0x1c, 0xbe, + 0xc4, 0x5a, 0xb0, 0x80, 0xa0, 0x4f, 0xc0, 0x68, 0xcb, 0xd9, 0x95, 0x0f, 0x67, 0x0f, 0x4c, 0x57, + 0x34, 0x08, 0x9b, 0x78, 0xf6, 0xbf, 0xb5, 0x60, 0xaa, 0xea, 0xc4, 0x9e, 0x3b, 0xd7, 0x4e, 0xb6, + 0xaa, 0x5e, 0xb2, 0xd9, 0x76, 0xb7, 0x49, 0xc2, 0xb3, 0x03, 0x69, 0x2f, 0xdb, 0x31, 0x5d, 0x4a, + 0xca, 0x0c, 0x53, 0xbd, 0xbc, 0x2e, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc1, 0x68, 0xe8, 0xc4, 0xf1, + 0xed, 0x20, 0xaa, 0x61, 0x52, 0xcf, 0x27, 0x37, 0x77, 0x9d, 0xb8, 0x11, 0x49, 0x30, 0xa9, 0x0b, + 0x17, 0x98, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0xef, 0x55, 0x60, 0x44, 0xf8, 0xef, 0x06, 0xce, 0x79, + 0x94, 0x06, 0x66, 0xa1, 0xaf, 0x81, 0x19, 0xc3, 0xb0, 0xcb, 0x2a, 0xc4, 0x08, 0x4d, 0xe6, 0x6a, + 0x2e, 0x0e, 0x5f, 0x5e, 0x74, 0x46, 0x77, 0x8b, 0xff, 0xc7, 0x82, 0x15, 0xfa, 0x8e, 0x05, 0x27, + 0xdc, 0xc0, 0xf7, 0x89, 0xab, 0xb7, 0xd9, 0xa1, 0x3c, 0x42, 0x38, 0xe6, 0xd3, 0x44, 0xf5, 0x69, + 0x71, 0x06, 0x80, 0xb3, 0xec, 0xd1, 0xcb, 0x30, 0xce, 0xc7, 0xec, 0x46, 0xea, 0xa8, 0x4c, 0xa7, + 0xf6, 0x9b, 0x40, 0x9c, 0xc6, 0x45, 0x33, 0xfc, 0xc8, 0x51, 0x24, 0xd1, 0x0f, 0x6b, 0xd7, 0x83, + 0x91, 0x3e, 0x6f, 0x60, 0xa0, 0x08, 0x50, 0x44, 0xea, 0x11, 0x89, 0xb7, 0x84, 0x7f, 0x93, 0x6d, + 0xf1, 0x23, 0x87, 0xcb, 0xa1, 0xc2, 0x5d, 0x94, 0x70, 0x0f, 0xea, 0x68, 0x5b, 0xd8, 0x38, 0xe5, + 0x3c, 0xa4, 0x82, 0xf8, 0xcc, 0x7d, 0x4d, 0x9d, 0x69, 0x28, 0xc5, 0x5b, 0x4e, 0x54, 0x63, 0xaa, + 0x45, 0x91, 0x1f, 0x04, 0xac, 0xd3, 0x06, 0xcc, 0xdb, 0xd1, 0x02, 0x9c, 0xcc, 0x14, 0x26, 0x88, + 0x99, 0xf2, 0x50, 0xd6, 0x21, 0xb5, 0x99, 0x92, 0x06, 0x31, 0xee, 0x7a, 0xc2, 0xb4, 0x7f, 0x47, + 0xf7, 0xb1, 0x7f, 0x3b, 0x2a, 0x8a, 0x66, 0x8c, 0x49, 0xfc, 0x57, 0x73, 0x19, 0x80, 0x81, 0x42, + 0x66, 0xbe, 0x95, 0x09, 0x99, 0x19, 0x67, 0x1d, 0xb8, 0x91, 0x4f, 0x07, 0x0e, 0x1e, 0x1f, 0xf3, + 0x20, 0xe3, 0x5d, 0xfe, 0x9f, 0x05, 0xf2, 0xbb, 0xce, 0x3b, 0xee, 0x16, 0xa1, 0x53, 0x06, 0xbd, + 0x02, 0x13, 0xca, 0x8a, 0x9b, 0x0f, 0xda, 0x3e, 0x0f, 0x75, 0x29, 0x6a, 0xb7, 0x12, 0x4e, 0x41, + 0x71, 0x06, 0x1b, 0xcd, 0x42, 0x85, 0x8e, 0x13, 0x7f, 0x94, 0xef, 0x1e, 0xca, 0x52, 0x9c, 0x5b, + 0x5b, 0x12, 0x4f, 0x69, 0x1c, 0x14, 0xc0, 0x64, 0xd3, 0x89, 0x13, 0xd6, 0x03, 0x6a, 0xd4, 0x1d, + 0x32, 0x83, 0x91, 0xd5, 0x65, 0x59, 0xce, 0x12, 0xc2, 0xdd, 0xb4, 0xed, 0x1f, 0x0c, 0xc1, 0x78, + 0x4a, 0x32, 0x1e, 0x70, 0xdb, 0x79, 0x0e, 0xca, 0x72, 0x27, 0xc8, 0xe6, 0x51, 0xab, 0xed, 0x42, + 0x61, 0xd0, 0x6d, 0x72, 0x93, 0x38, 0x11, 0x89, 0x58, 0xc9, 0x87, 0xec, 0x36, 0x59, 0xd5, 0x20, + 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0x34, 0xe3, 0xf9, 0xa6, 0x47, 0xfc, 0x84, 0x77, 0x33, 0x1f, 0xa1, + 0xbc, 0xb1, 0xbc, 0x6e, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0xab, 0x16, 0x8c, + 0x3b, 0xb7, 0x63, 0x5d, 0xc6, 0x4c, 0x04, 0xc7, 0x1c, 0x71, 0x93, 0x4a, 0x55, 0x46, 0xab, 0x4e, + 0x52, 0xf1, 0x9e, 0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0xbb, 0x16, 0x20, 0xb2, 0x4b, 0x5c, 0x19, 0xbe, + 0x23, 0xfa, 0x32, 0x9c, 0x87, 0xb1, 0x73, 0xb1, 0x8b, 0x2e, 0x97, 0xea, 0xdd, 0xed, 0xb8, 0x47, + 0x1f, 0xec, 0x7f, 0x59, 0x54, 0x0b, 0x4a, 0x47, 0x8c, 0x39, 0x46, 0x1e, 0x86, 0x75, 0xf8, 0x3c, + 0x0c, 0xed, 0xd3, 0xec, 0xca, 0xc5, 0x48, 0x87, 0xbd, 0x17, 0x1e, 0x50, 0xd8, 0xfb, 0x57, 0xac, + 0x54, 0xc5, 0x80, 0xd1, 0x0b, 0xaf, 0xe5, 0x1b, 0xad, 0x36, 0xc3, 0x3d, 0xea, 0x19, 0xe9, 0x9e, + 0x76, 0xb3, 0x53, 0x69, 0x6a, 0xa0, 0x1d, 0x48, 0x1a, 0xfe, 0xe7, 0x22, 0x8c, 0x1a, 0x3b, 0x69, + 0x4f, 0xb5, 0xc8, 0x7a, 0xc8, 0xd4, 0xa2, 0xc2, 0x01, 0xd4, 0xa2, 0x5f, 0x80, 0x8a, 0x2b, 0xa5, + 0x7c, 0x3e, 0x35, 0xf3, 0xb2, 0x7b, 0x87, 0x16, 0xf4, 0xaa, 0x09, 0x6b, 0x9e, 0x68, 0x31, 0x15, + 0xce, 0x2e, 0x76, 0x88, 0x21, 0xb6, 0x43, 0xf4, 0x8a, 0x37, 0x17, 0x3b, 0x45, 0xf7, 0x33, 0xac, + 0xb0, 0x44, 0xe8, 0x89, 0xf7, 0x92, 0x31, 0xa5, 0xbc, 0xb0, 0xc4, 0xda, 0x92, 0x6c, 0xc6, 0x26, + 0x8e, 0xfd, 0x03, 0x4b, 0x7d, 0xdc, 0xfb, 0x90, 0xd9, 0x79, 0x2b, 0x9d, 0xd9, 0x79, 0x31, 0x97, + 0x61, 0xee, 0x93, 0xd2, 0x79, 0x0d, 0x46, 0xe6, 0x83, 0x56, 0xcb, 0xf1, 0x6b, 0xe8, 0x27, 0x60, + 0xc4, 0xe5, 0x3f, 0xc5, 0x51, 0x05, 0xf3, 0x4f, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x24, 0x0c, 0x39, + 0x51, 0x43, 0x1e, 0x4f, 0xb0, 0x18, 0x80, 0xb9, 0xa8, 0x11, 0x63, 0xd6, 0x6a, 0xbf, 0x5d, 0x04, + 0x98, 0x0f, 0x5a, 0xa1, 0x13, 0x91, 0xda, 0x46, 0xc0, 0x6a, 0xf6, 0x1c, 0xab, 0x5f, 0x47, 0x1b, + 0x4b, 0x0f, 0xb3, 0x6f, 0xc7, 0x38, 0xdf, 0x2f, 0xde, 0xef, 0xf3, 0xfd, 0x6f, 0x5a, 0x80, 0xe8, + 0x17, 0x09, 0x7c, 0xe2, 0x27, 0xda, 0x5d, 0x39, 0x0b, 0x15, 0x57, 0xb6, 0x0a, 0xad, 0x45, 0xaf, + 0x3f, 0x09, 0xc0, 0x1a, 0x67, 0x00, 0xf3, 0xf3, 0x69, 0x29, 0x1c, 0x8b, 0xe9, 0xb0, 0x39, 0x26, + 0x52, 0x85, 0xac, 0xb4, 0x7f, 0xbf, 0x00, 0x8f, 0xf2, 0xfd, 0x6e, 0xc5, 0xf1, 0x9d, 0x06, 0x69, + 0xd1, 0x5e, 0x0d, 0xea, 0x80, 0x76, 0xa9, 0xdd, 0xe3, 0xc9, 0x30, 0xb8, 0xa3, 0x2e, 0x0c, 0x3e, + 0xa1, 0xf9, 0x14, 0x5e, 0xf2, 0xbd, 0x04, 0x33, 0xe2, 0x28, 0x86, 0xb2, 0xac, 0xc0, 0x2a, 0x04, + 0x5d, 0x4e, 0x8c, 0xd4, 0x9a, 0x17, 0x9b, 0x12, 0xc1, 0x8a, 0x11, 0xd5, 0x0a, 0x9b, 0x81, 0xbb, + 0x8d, 0x49, 0x18, 0x30, 0xa1, 0x66, 0x44, 0x21, 0x2d, 0x8b, 0x76, 0xac, 0x30, 0xec, 0xdf, 0xb7, + 0x20, 0x2b, 0xee, 0x8d, 0xea, 0x24, 0xd6, 0x3d, 0xab, 0x93, 0x1c, 0xa0, 0x3c, 0xc8, 0xcf, 0xc2, + 0xa8, 0x93, 0xd0, 0x1d, 0x9a, 0xdb, 0xb4, 0xc5, 0xc3, 0x1d, 0x5b, 0xaf, 0x04, 0x35, 0xaf, 0xee, + 0x31, 0x5b, 0xd6, 0x24, 0x67, 0xff, 0x9f, 0x21, 0x98, 0xec, 0x0a, 0x6d, 0x46, 0x2f, 0xc1, 0x98, + 0x2b, 0xa6, 0x47, 0x88, 0x49, 0x5d, 0xbc, 0x8c, 0x11, 0x1a, 0xa3, 0x61, 0x38, 0x85, 0x39, 0xc0, + 0x04, 0x5d, 0x82, 0x53, 0x11, 0xb5, 0xa2, 0xdb, 0x64, 0xae, 0x9e, 0x90, 0x68, 0x9d, 0xb8, 0x81, + 0x5f, 0xe3, 0x35, 0x74, 0x8a, 0xd5, 0xc7, 0xee, 0xec, 0x4d, 0x9f, 0xc2, 0xdd, 0x60, 0xdc, 0xeb, + 0x19, 0x14, 0xc2, 0x78, 0xd3, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x28, 0xdd, 0x4c, 0x6d, 0xc0, 0xa9, + 0x66, 0x9c, 0x66, 0x90, 0xd6, 0xd2, 0x4a, 0x0f, 0x48, 0x4b, 0xfb, 0x45, 0xad, 0xa5, 0x71, 0xff, + 0xea, 0xeb, 0x39, 0x87, 0xb6, 0x1f, 0xb7, 0x9a, 0xf6, 0x2a, 0x94, 0x65, 0xe4, 0xc9, 0x40, 0x11, + 0x1b, 0x26, 0x9d, 0x3e, 0x12, 0xed, 0x6e, 0x01, 0x7a, 0x68, 0xf8, 0x74, 0x9d, 0xe9, 0xed, 0x34, + 0xb5, 0xce, 0x0e, 0xb6, 0xa5, 0xa2, 0x5d, 0x1e, 0x75, 0xc3, 0x37, 0x8e, 0xcf, 0xe4, 0x6d, 0xa1, + 0xe8, 0x40, 0x1c, 0x15, 0x02, 0xa2, 0x82, 0x71, 0x2e, 0x00, 0x68, 0x2d, 0x48, 0x44, 0xa8, 0x2a, + 0xb7, 0x9e, 0x56, 0x96, 0xb0, 0x81, 0x45, 0x0d, 0x56, 0xcf, 0x8f, 0x13, 0xa7, 0xd9, 0xbc, 0xec, + 0xf9, 0x89, 0x38, 0x79, 0x53, 0x3b, 0xe4, 0x92, 0x06, 0x61, 0x13, 0xef, 0xec, 0x27, 0x8d, 0xef, + 0x72, 0x90, 0xef, 0xb9, 0x05, 0x8f, 0x2f, 0x7a, 0x89, 0x8a, 0xab, 0x56, 0xf3, 0x88, 0x2a, 0x39, + 0x2a, 0x4f, 0xc0, 0xea, 0x9b, 0x27, 0x60, 0xc4, 0x35, 0x17, 0xd2, 0x61, 0xd8, 0xd9, 0xb8, 0x66, + 0xfb, 0x25, 0x38, 0xbd, 0xe8, 0x25, 0x97, 0xbc, 0x26, 0x39, 0x20, 0x13, 0xfb, 0xab, 0x25, 0x18, + 0x33, 0xf3, 0x58, 0x0e, 0x92, 0xea, 0xf0, 0x6d, 0xaa, 0xc7, 0x88, 0xb7, 0xf3, 0x94, 0x8f, 0xe5, + 0xe6, 0x91, 0x93, 0x6a, 0x7a, 0x8f, 0x98, 0xa1, 0xca, 0x68, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, + 0xa5, 0x3a, 0x8b, 0xbb, 0x2d, 0xe6, 0xe1, 0x39, 0xee, 0x35, 0xa2, 0x7a, 0x99, 0xf1, 0xc8, 0x5d, + 0xce, 0x8f, 0xee, 0x90, 0x51, 0x3a, 0x99, 0x43, 0x09, 0x2a, 0x95, 0xc6, 0xa1, 0x30, 0xfa, 0x89, + 0xfa, 0xd2, 0x21, 0x44, 0x7d, 0x4a, 0xf0, 0x0e, 0x3f, 0x20, 0xc1, 0xcb, 0x62, 0xa8, 0x93, 0x2d, + 0xa6, 0xbf, 0x89, 0x08, 0xda, 0x11, 0x36, 0x08, 0x46, 0x0c, 0x75, 0x0a, 0x8c, 0xb3, 0xf8, 0xf6, + 0x37, 0x0b, 0x30, 0xb1, 0xe8, 0xb7, 0xd7, 0x16, 0xd7, 0xda, 0x9b, 0x4d, 0xcf, 0xbd, 0x4a, 0x3a, + 0x54, 0xbe, 0x6d, 0x93, 0xce, 0xd2, 0x82, 0x98, 0x86, 0x6a, 0xe0, 0xaf, 0xd2, 0x46, 0xcc, 0x61, + 0x74, 0x45, 0xd7, 0x3d, 0xbf, 0x41, 0xa2, 0x30, 0xf2, 0xc4, 0xa1, 0x9c, 0xb1, 0xa2, 0x2f, 0x69, + 0x10, 0x36, 0xf1, 0x28, 0xed, 0xe0, 0xb6, 0x4f, 0xa2, 0xac, 0x36, 0xb8, 0x4a, 0x1b, 0x31, 0x87, + 0x51, 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0xf8, 0xa2, 0x0a, 0x69, 0x83, 0x36, 0x62, 0x0e, 0xa3, 0xcb, + 0x25, 0x6e, 0x6f, 0x32, 0xef, 0x76, 0x26, 0xe6, 0x75, 0x9d, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xdb, + 0xa4, 0xb3, 0x40, 0xed, 0xb2, 0x4c, 0x54, 0xfa, 0x55, 0xde, 0x8c, 0x25, 0x9c, 0x15, 0xed, 0x49, + 0x0f, 0xc7, 0x8f, 0x5c, 0xd1, 0x9e, 0x74, 0xf7, 0xfb, 0x58, 0x78, 0xbf, 0x61, 0xc1, 0x98, 0x19, + 0x93, 0x82, 0x1a, 0x19, 0x45, 0x71, 0xb5, 0xab, 0x00, 0xdb, 0x4f, 0xf7, 0xba, 0x6d, 0xa2, 0xe1, + 0x25, 0x41, 0x18, 0x3f, 0x4f, 0xfc, 0x86, 0xe7, 0x13, 0xe6, 0xb9, 0xe4, 0xb1, 0x2c, 0xa9, 0x80, + 0x97, 0xf9, 0xa0, 0x46, 0x0e, 0xa1, 0x69, 0xda, 0x37, 0x61, 0xb2, 0x2b, 0x15, 0x61, 0x80, 0xfd, + 0x79, 0xdf, 0x44, 0x30, 0x1b, 0xc3, 0x28, 0x25, 0xbc, 0x1a, 0xf2, 0xa0, 0x93, 0x79, 0x98, 0xe4, + 0x3a, 0x04, 0xe5, 0xb4, 0xee, 0x6e, 0x91, 0x96, 0x4a, 0x2f, 0x61, 0x27, 0xc0, 0x37, 0xb2, 0x40, + 0xdc, 0x8d, 0x6f, 0x7f, 0xcb, 0x82, 0xf1, 0x54, 0x76, 0x48, 0x4e, 0x9a, 0x04, 0x5b, 0x69, 0x01, + 0x0b, 0x91, 0x62, 0x51, 0xa2, 0x45, 0xb6, 0x23, 0xe9, 0x95, 0xa6, 0x41, 0xd8, 0xc4, 0xb3, 0xdf, + 0x29, 0x40, 0x59, 0x7a, 0xad, 0x07, 0xe8, 0xca, 0x37, 0x2c, 0x18, 0x57, 0xa7, 0xee, 0xec, 0x38, + 0x87, 0x4f, 0xc6, 0x6b, 0x47, 0xf7, 0x9b, 0xab, 0x18, 0x3e, 0xbf, 0x1e, 0x68, 0xb5, 0x16, 0x9b, + 0xcc, 0x70, 0x9a, 0x37, 0xba, 0x01, 0x10, 0x77, 0xe2, 0x84, 0xb4, 0x8c, 0x83, 0x25, 0xdb, 0x58, + 0x71, 0x33, 0x6e, 0x10, 0x11, 0xba, 0xbe, 0xae, 0x05, 0x35, 0xb2, 0xae, 0x30, 0xb5, 0x1e, 0xa2, + 0xdb, 0xb0, 0x41, 0xc9, 0xfe, 0xc7, 0x05, 0x38, 0x99, 0xed, 0x12, 0x7a, 0x1d, 0xc6, 0x24, 0x77, + 0xe3, 0xe6, 0x0c, 0xe9, 0xaa, 0x1f, 0xc3, 0x06, 0xec, 0xee, 0xde, 0xf4, 0x74, 0xf7, 0xcd, 0x25, + 0x33, 0x26, 0x0a, 0x4e, 0x11, 0xe3, 0xae, 0x0f, 0xe1, 0xa3, 0xab, 0x76, 0xe6, 0xc2, 0x50, 0xf8, + 0x2f, 0x0c, 0xd7, 0x87, 0x09, 0xc5, 0x19, 0x6c, 0xb4, 0x06, 0xa7, 0x8d, 0x96, 0x6b, 0xc4, 0x6b, + 0x6c, 0x6d, 0x06, 0x91, 0x34, 0x4f, 0x9e, 0xd4, 0xd1, 0x2f, 0xdd, 0x38, 0xb8, 0xe7, 0x93, 0x74, + 0xcb, 0x74, 0x9d, 0xd0, 0x71, 0xbd, 0xa4, 0x23, 0x4e, 0xca, 0x94, 0x6c, 0x9a, 0x17, 0xed, 0x58, + 0x61, 0xd8, 0x2b, 0x30, 0x34, 0xe0, 0x0c, 0x1a, 0x48, 0x2d, 0x7e, 0x15, 0xca, 0x94, 0x9c, 0xd4, + 0x91, 0xf2, 0x20, 0x19, 0x40, 0x59, 0x16, 0xbf, 0x46, 0x36, 0x14, 0x3d, 0x47, 0x7a, 0x97, 0xd4, + 0x6b, 0x2d, 0xc5, 0x71, 0x9b, 0x59, 0x9a, 0x14, 0x88, 0x9e, 0x86, 0x22, 0xd9, 0x0d, 0xb3, 0x6e, + 0xa4, 0x8b, 0xbb, 0xa1, 0x17, 0x91, 0x98, 0x22, 0x91, 0xdd, 0x10, 0x9d, 0x85, 0x82, 0x57, 0x13, + 0x9b, 0x14, 0x08, 0x9c, 0xc2, 0xd2, 0x02, 0x2e, 0x78, 0x35, 0x7b, 0x17, 0x2a, 0xaa, 0xda, 0x36, + 0xda, 0x96, 0xb2, 0xdb, 0xca, 0x23, 0xcc, 0x44, 0xd2, 0xed, 0x23, 0xb5, 0xdb, 0x00, 0x3a, 0x17, + 0x27, 0x2f, 0xf9, 0x72, 0x1e, 0x86, 0xdc, 0x40, 0xa4, 0xf0, 0x95, 0x35, 0x19, 0x26, 0xb4, 0x19, + 0xc4, 0xbe, 0x09, 0x13, 0x57, 0xfd, 0xe0, 0x36, 0x2b, 0x27, 0xca, 0x8a, 0x9d, 0x50, 0xc2, 0x75, + 0xfa, 0x23, 0xab, 0x22, 0x30, 0x28, 0xe6, 0x30, 0x55, 0xa7, 0xa3, 0xd0, 0xaf, 0x4e, 0x87, 0xfd, + 0x25, 0x0b, 0x4e, 0xaa, 0x24, 0x11, 0x29, 0x8d, 0x5f, 0x82, 0xb1, 0xcd, 0xb6, 0xd7, 0xac, 0x89, + 0xff, 0x59, 0x5b, 0xbf, 0x6a, 0xc0, 0x70, 0x0a, 0x93, 0x5a, 0x26, 0x9b, 0x9e, 0xef, 0x44, 0x9d, + 0x35, 0x2d, 0xfe, 0x95, 0x44, 0xa8, 0x2a, 0x08, 0x36, 0xb0, 0xec, 0xaf, 0x14, 0x60, 0x3c, 0x95, + 0x32, 0x8f, 0x9a, 0x50, 0x26, 0x4d, 0x76, 0x02, 0x25, 0x3f, 0xea, 0x51, 0xeb, 0x68, 0xa9, 0x89, + 0x78, 0x51, 0xd0, 0xc5, 0x8a, 0xc3, 0x43, 0xe1, 0x66, 0xb1, 0xff, 0xa0, 0x08, 0x53, 0xfc, 0xe0, + 0xad, 0xa6, 0xe2, 0x19, 0x56, 0xa4, 0x76, 0xf2, 0x37, 0x75, 0x79, 0x0a, 0x3e, 0x1c, 0x9b, 0x47, + 0xad, 0x04, 0xd9, 0x9b, 0xd1, 0x40, 0x9e, 0xf6, 0x5f, 0xcf, 0x78, 0xda, 0x0b, 0x79, 0x24, 0x44, + 0xf4, 0xed, 0xd1, 0x8f, 0x96, 0xeb, 0xfd, 0x1f, 0x14, 0xe0, 0x44, 0xa6, 0xcc, 0x26, 0x7a, 0x3b, + 0x5d, 0x48, 0xcb, 0xca, 0xe3, 0x78, 0xe6, 0x9e, 0xc5, 0x1e, 0x0f, 0x56, 0x4e, 0xeb, 0x41, 0x4d, + 0xf8, 0x3f, 0x2c, 0xc0, 0x44, 0xba, 0x3e, 0xe8, 0x43, 0x38, 0x52, 0x1f, 0x83, 0x0a, 0xab, 0xba, + 0xc7, 0xee, 0x34, 0xe1, 0xa7, 0x40, 0xbc, 0x38, 0x9c, 0x6c, 0xc4, 0x1a, 0xfe, 0x50, 0x54, 0x29, + 0xb3, 0xff, 0xa1, 0x05, 0x67, 0xf8, 0x5b, 0x66, 0xe7, 0xe1, 0xdf, 0xea, 0x35, 0xba, 0x6f, 0xe4, + 0xdb, 0xc1, 0x4c, 0x59, 0x95, 0xfd, 0xc6, 0x97, 0xdd, 0xa5, 0x20, 0x7a, 0x9b, 0x9e, 0x0a, 0x0f, + 0x61, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x2c, 0x82, 0xbe, 0x3e, 0x02, 0x79, 0x22, 0x6d, 0x22, + 0x97, 0xf2, 0x32, 0xeb, 0x1d, 0xdf, 0xd5, 0x17, 0x55, 0x94, 0x33, 0x59, 0x13, 0xbf, 0x6c, 0xc1, + 0xa8, 0xe7, 0x7b, 0x89, 0xe7, 0x30, 0xa5, 0x33, 0x9f, 0xf2, 0xf7, 0x8a, 0xdd, 0x12, 0xa7, 0x1c, + 0x44, 0xe6, 0xd1, 0xa1, 0x62, 0x86, 0x4d, 0xce, 0xe8, 0xf3, 0x22, 0x18, 0xae, 0x98, 0x5b, 0xc2, + 0x4f, 0x39, 0x13, 0x01, 0x17, 0x42, 0x29, 0x22, 0x49, 0x24, 0x53, 0xad, 0xae, 0x1e, 0x35, 0xc2, + 0x39, 0x89, 0x3a, 0xaa, 0x9a, 0x98, 0xbe, 0xc8, 0x8b, 0x36, 0x63, 0xce, 0xc8, 0x8e, 0x01, 0x75, + 0x8f, 0xc5, 0x01, 0x03, 0x8d, 0x66, 0xa1, 0xe2, 0xb4, 0x93, 0xa0, 0x45, 0x87, 0x49, 0x9c, 0x6e, + 0xea, 0x50, 0x2a, 0x09, 0xc0, 0x1a, 0xc7, 0x7e, 0xbb, 0x04, 0x99, 0x3c, 0x06, 0xb4, 0x6b, 0x5e, + 0x7d, 0x62, 0xe5, 0x7b, 0xf5, 0x89, 0xea, 0x4c, 0xaf, 0xeb, 0x4f, 0x50, 0x03, 0x4a, 0xe1, 0x96, + 0x13, 0x4b, 0x9d, 0xf2, 0x55, 0x39, 0x4c, 0x6b, 0xb4, 0xf1, 0xee, 0xde, 0xf4, 0xcf, 0x0c, 0x76, + 0x46, 0x41, 0xe7, 0xea, 0x2c, 0x4f, 0x30, 0xd6, 0xac, 0x19, 0x0d, 0xcc, 0xe9, 0x1f, 0xe4, 0x02, + 0x80, 0x2f, 0x8b, 0xd2, 0x8c, 0x98, 0xc4, 0xed, 0x66, 0x22, 0x66, 0xc3, 0xab, 0x39, 0xae, 0x32, + 0x4e, 0x58, 0x67, 0xe0, 0xf1, 0xff, 0xd8, 0x60, 0x8a, 0x5e, 0x87, 0x4a, 0x9c, 0x38, 0x51, 0x72, + 0xc8, 0x9c, 0x19, 0x35, 0xe8, 0xeb, 0x92, 0x08, 0xd6, 0xf4, 0xd0, 0x6b, 0xac, 0xda, 0x96, 0x17, + 0x6f, 0x1d, 0x32, 0x86, 0x55, 0x56, 0xe6, 0x12, 0x14, 0xb0, 0x41, 0x8d, 0xaa, 0xec, 0x6c, 0x6e, + 0xf3, 0xc0, 0x8d, 0x32, 0xb3, 0xc9, 0x94, 0x28, 0xc4, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x8b, 0x70, + 0x2a, 0x7b, 0x57, 0x9a, 0x38, 0xb6, 0x6c, 0x44, 0x41, 0x3b, 0xcc, 0xda, 0x24, 0xec, 0x2e, 0x2d, + 0xcc, 0x61, 0xd4, 0x26, 0xd9, 0xf6, 0xfc, 0x5a, 0xd6, 0x26, 0xb9, 0xea, 0xf9, 0x35, 0xcc, 0x20, + 0x03, 0xdc, 0x09, 0xf3, 0xaf, 0x2c, 0x38, 0xbf, 0xdf, 0x95, 0x6e, 0xe8, 0x49, 0x18, 0xba, 0xed, + 0x44, 0xb2, 0x7a, 0x1f, 0x93, 0x1d, 0x37, 0x9d, 0xc8, 0xc7, 0xac, 0x15, 0x75, 0x60, 0x98, 0xe7, + 0x28, 0x0a, 0x05, 0xf6, 0xd5, 0x7c, 0x2f, 0x98, 0xbb, 0x4a, 0x0c, 0x0d, 0x9a, 0xe7, 0x47, 0x62, + 0xc1, 0xd0, 0xfe, 0xc0, 0x02, 0xb4, 0xba, 0x43, 0xa2, 0xc8, 0xab, 0x19, 0x59, 0x95, 0xe8, 0x45, + 0x18, 0xbb, 0xb5, 0xbe, 0x7a, 0x6d, 0x2d, 0xf0, 0x7c, 0x96, 0x63, 0x6d, 0xe4, 0xa5, 0x5c, 0x31, + 0xda, 0x71, 0x0a, 0x0b, 0xcd, 0xc3, 0xe4, 0xad, 0x37, 0xa9, 0x1d, 0x65, 0x96, 0xe4, 0x2d, 0xe8, + 0x93, 0xb3, 0x2b, 0xaf, 0x66, 0x80, 0xb8, 0x1b, 0x1f, 0xad, 0xc2, 0x99, 0x16, 0xd7, 0xc0, 0x79, + 0x25, 0x4d, 0xae, 0x8e, 0x47, 0xb2, 0x52, 0xc3, 0xe3, 0x77, 0xf6, 0xa6, 0xcf, 0xac, 0xf4, 0x42, + 0xc0, 0xbd, 0x9f, 0xb3, 0xdf, 0x2b, 0xc0, 0xa8, 0x71, 0x2d, 0xe2, 0x00, 0x86, 0x72, 0xe6, 0x26, + 0xc7, 0xc2, 0x80, 0x37, 0x39, 0x3e, 0x0b, 0xe5, 0x30, 0x68, 0x7a, 0xae, 0xa7, 0xca, 0x4a, 0xb0, + 0xea, 0x67, 0x6b, 0xa2, 0x0d, 0x2b, 0x28, 0xba, 0x0d, 0x15, 0x75, 0x55, 0x98, 0x48, 0xee, 0xcb, + 0xeb, 0xa8, 0x40, 0x2d, 0x5e, 0x7d, 0x05, 0x98, 0xe6, 0x85, 0x6c, 0x18, 0x66, 0x33, 0x5f, 0x86, + 0x34, 0xb1, 0xac, 0x0b, 0xb6, 0x24, 0x62, 0x2c, 0x20, 0xf6, 0xd7, 0x46, 0xe0, 0x74, 0xaf, 0x8a, + 0x5d, 0xe8, 0x0b, 0x30, 0xcc, 0xfb, 0x98, 0x4f, 0x51, 0xc8, 0x5e, 0x3c, 0x16, 0x19, 0x41, 0xd1, + 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, 0x82, 0x7b, 0xd3, 0xd9, 0x14, 0x6a, 0xc4, 0xf1, 0x70, 0x5f, 0x76, + 0x34, 0xf7, 0x65, 0x87, 0x73, 0x6f, 0x3a, 0x9b, 0x68, 0x17, 0x4a, 0x0d, 0x2f, 0x21, 0x8e, 0x50, + 0xa6, 0x6f, 0x1e, 0x0b, 0x73, 0xe2, 0xf0, 0xc8, 0x79, 0xf6, 0x13, 0x73, 0x86, 0xe8, 0x5d, 0x0b, + 0x4e, 0x6c, 0xa6, 0x93, 0x58, 0xc4, 0xae, 0xe2, 0x1c, 0x43, 0x55, 0xb6, 0x34, 0x23, 0x5e, 0xeb, + 0x36, 0xd3, 0x88, 0xb3, 0xdd, 0x41, 0xbf, 0x68, 0xc1, 0x48, 0xdd, 0x6b, 0x1a, 0x25, 0x87, 0x8e, + 0xe1, 0xe3, 0x5c, 0x62, 0x0c, 0xf4, 0xce, 0xcb, 0xff, 0xc7, 0x58, 0x72, 0xee, 0xe7, 0xce, 0x1b, + 0x3e, 0xaa, 0x3b, 0x6f, 0xe4, 0x01, 0x99, 0x4f, 0xbf, 0x5a, 0x80, 0xa7, 0x07, 0xf8, 0x46, 0x66, + 0x52, 0x84, 0xb5, 0x4f, 0x52, 0xc4, 0x79, 0x18, 0x8a, 0x48, 0x18, 0x64, 0xf7, 0x3b, 0x16, 0x39, + 0xc4, 0x20, 0xe8, 0x29, 0x28, 0x3a, 0xa1, 0x27, 0xb6, 0x3b, 0xe5, 0xed, 0x9f, 0x5b, 0x5b, 0xc2, + 0xb4, 0x9d, 0x7e, 0xe9, 0xca, 0xa6, 0x4c, 0xad, 0xca, 0xa7, 0xee, 0x74, 0xbf, 0x4c, 0x2d, 0x6e, + 0xd0, 0x28, 0x28, 0xd6, 0x7c, 0xed, 0x55, 0x38, 0xdb, 0x7f, 0x86, 0xa0, 0x17, 0x60, 0x74, 0x33, + 0x72, 0x7c, 0x77, 0x8b, 0xd5, 0x68, 0x97, 0x63, 0xc2, 0x42, 0xe1, 0x75, 0x33, 0x36, 0x71, 0xec, + 0x3f, 0x28, 0xf4, 0xa6, 0xc8, 0x85, 0xc0, 0x41, 0x46, 0x58, 0x8c, 0x5f, 0xa1, 0xcf, 0xf8, 0xbd, + 0x09, 0xe5, 0x84, 0x45, 0xe2, 0x93, 0xba, 0x90, 0x24, 0xb9, 0x25, 0x93, 0xb1, 0xbd, 0x66, 0x43, + 0x10, 0xc7, 0x8a, 0x0d, 0x15, 0xf9, 0x4d, 0x5d, 0xad, 0x48, 0x88, 0xfc, 0xcc, 0x39, 0xda, 0x02, + 0x9c, 0x34, 0x8a, 0x2f, 0xf2, 0x40, 0x64, 0xee, 0x46, 0x55, 0xd9, 0x39, 0x6b, 0x19, 0x38, 0xee, + 0x7a, 0xc2, 0xfe, 0x8d, 0x02, 0x3c, 0xde, 0x57, 0xb2, 0x69, 0x5f, 0xaf, 0x75, 0x0f, 0x5f, 0xef, + 0x91, 0x27, 0xa8, 0x39, 0xc0, 0x43, 0xf7, 0x67, 0x80, 0x9f, 0x83, 0xb2, 0xe7, 0xc7, 0xc4, 0x6d, + 0x47, 0x7c, 0xd0, 0x8c, 0xb0, 0xbc, 0x25, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x47, 0xfd, 0xa7, 0x1a, + 0xdd, 0xe5, 0x7e, 0x6c, 0x47, 0xe9, 0x65, 0x18, 0x77, 0xc2, 0x90, 0xe3, 0x31, 0xbf, 0x5a, 0x26, + 0xdf, 0x6e, 0xce, 0x04, 0xe2, 0x34, 0xae, 0x31, 0x87, 0x87, 0xfb, 0xcd, 0x61, 0xfb, 0x4f, 0x2d, + 0xa8, 0x60, 0x52, 0xe7, 0x45, 0x3b, 0xd1, 0x2d, 0x31, 0x44, 0x56, 0x1e, 0xc5, 0x21, 0xd8, 0x85, + 0xe3, 0x1e, 0x2b, 0x9a, 0xd0, 0x6b, 0xb0, 0xbb, 0x0b, 0x89, 0x16, 0x0e, 0x54, 0x48, 0x54, 0x95, + 0x92, 0x2c, 0xf6, 0x2f, 0x25, 0x69, 0xbf, 0x37, 0x42, 0x5f, 0x2f, 0x0c, 0xe6, 0x23, 0x52, 0x8b, + 0xe9, 0xf7, 0x6d, 0x47, 0xcd, 0xec, 0x3d, 0x8c, 0xd7, 0xf1, 0x32, 0xa6, 0xed, 0xa9, 0x43, 0x80, + 0xc2, 0x81, 0xb2, 0x8d, 0x8a, 0xfb, 0x66, 0x1b, 0xbd, 0x0c, 0xe3, 0x71, 0xbc, 0xb5, 0x16, 0x79, + 0x3b, 0x4e, 0x42, 0x4d, 0x0b, 0x11, 0x96, 0xa1, 0x33, 0x04, 0xd6, 0x2f, 0x6b, 0x20, 0x4e, 0xe3, + 0xa2, 0x45, 0x98, 0xd4, 0x39, 0x3f, 0x24, 0x4a, 0x58, 0x14, 0x06, 0x9f, 0x09, 0x2a, 0x40, 0x5f, + 0x67, 0x09, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95, 0x58, 0xa9, 0x46, 0xda, 0x91, 0xe1, 0xb4, 0xc4, + 0x4a, 0xd1, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0xad, 0xc0, 0x29, 0x3e, 0x31, 0xd8, 0xc5, 0xbf, 0xea, + 0x8d, 0x78, 0xd4, 0xcc, 0x13, 0x82, 0xd0, 0xa9, 0xc5, 0x6e, 0x14, 0xdc, 0xeb, 0x39, 0x6a, 0x37, + 0xa8, 0xe6, 0xa5, 0x05, 0x61, 0xbf, 0x2a, 0xbb, 0x41, 0x91, 0x59, 0xaa, 0x61, 0x13, 0x0f, 0x7d, + 0x06, 0x1e, 0xd3, 0x7f, 0x79, 0xbc, 0x1b, 0x3f, 0xd4, 0x59, 0x10, 0xe9, 0x94, 0xaa, 0x70, 0xe1, + 0x62, 0x4f, 0xb4, 0x1a, 0xee, 0xf7, 0x3c, 0xda, 0x84, 0xb3, 0x0a, 0x74, 0x91, 0x1a, 0x69, 0x61, + 0xe4, 0xc5, 0xa4, 0xea, 0xc4, 0xe4, 0x7a, 0xd4, 0x64, 0x09, 0x98, 0x15, 0x5d, 0x81, 0x7d, 0xd1, + 0x4b, 0x2e, 0xf7, 0xc2, 0xc4, 0xcb, 0xf8, 0x1e, 0x54, 0xd0, 0x2c, 0x54, 0x88, 0xef, 0x6c, 0x36, + 0xc9, 0xea, 0xfc, 0x12, 0x4b, 0xcb, 0x34, 0xce, 0x90, 0x2e, 0x4a, 0x00, 0xd6, 0x38, 0xca, 0x13, + 0x38, 0xd6, 0xb7, 0x62, 0xff, 0x1a, 0x9c, 0x6e, 0xb8, 0x21, 0xd5, 0x03, 0x3c, 0x97, 0xcc, 0xb9, + 0x2e, 0x35, 0xf4, 0xe9, 0x87, 0xe1, 0x85, 0x54, 0x95, 0x9b, 0x7b, 0x71, 0x7e, 0xad, 0x0b, 0x07, + 0xf7, 0x7c, 0x92, 0xae, 0xb1, 0x30, 0x0a, 0x76, 0x3b, 0x53, 0xa7, 0xd2, 0x6b, 0x6c, 0x8d, 0x36, + 0x62, 0x0e, 0x43, 0x57, 0x00, 0xb1, 0x98, 0x89, 0xcb, 0x49, 0x12, 0x2a, 0xc5, 0x63, 0xea, 0x34, + 0x7b, 0xa5, 0xb3, 0xe2, 0x09, 0x74, 0xa9, 0x0b, 0x03, 0xf7, 0x78, 0xca, 0xfe, 0x13, 0x0b, 0xc6, + 0xd5, 0x7a, 0xbd, 0x0f, 0x51, 0x43, 0xcd, 0x74, 0xd4, 0xd0, 0xe2, 0xd1, 0x25, 0x1e, 0xeb, 0x79, + 0x1f, 0xd7, 0xf3, 0xd7, 0x46, 0x01, 0xb4, 0x54, 0x54, 0x1b, 0x92, 0xd5, 0x77, 0x43, 0x7a, 0x68, + 0x25, 0x52, 0xaf, 0x1c, 0xac, 0xd2, 0x83, 0xcd, 0xc1, 0x5a, 0x87, 0x33, 0x52, 0x5d, 0xe0, 0x47, + 0x32, 0x97, 0x83, 0x58, 0x09, 0xb8, 0x72, 0xf5, 0x29, 0x41, 0xe8, 0xcc, 0x52, 0x2f, 0x24, 0xdc, + 0xfb, 0xd9, 0x94, 0x96, 0x32, 0xb2, 0x9f, 0x96, 0xa2, 0xd7, 0xf4, 0x72, 0x5d, 0x96, 0x41, 0xcc, + 0xac, 0xe9, 0xe5, 0x4b, 0xeb, 0x58, 0xe3, 0xf4, 0x16, 0xec, 0x95, 0x9c, 0x04, 0x3b, 0x1c, 0x58, + 0xb0, 0x4b, 0x11, 0x33, 0xda, 0x57, 0xc4, 0xc8, 0x53, 0xa0, 0xb1, 0xbe, 0xa7, 0x40, 0xaf, 0xc0, + 0x84, 0xe7, 0x6f, 0x91, 0xc8, 0x4b, 0x48, 0x8d, 0xad, 0x05, 0x71, 0xb9, 0xbd, 0xda, 0xd6, 0x97, + 0x52, 0x50, 0x9c, 0xc1, 0x4e, 0xcb, 0xc5, 0x89, 0x01, 0xe4, 0x62, 0x9f, 0xdd, 0xe8, 0x44, 0x3e, + 0xbb, 0xd1, 0xc9, 0xa3, 0xef, 0x46, 0x93, 0xc7, 0xba, 0x1b, 0xa1, 0x5c, 0x76, 0xa3, 0x81, 0x04, + 0xbd, 0x61, 0xd0, 0x9d, 0xde, 0xc7, 0xa0, 0xeb, 0xb7, 0x15, 0x9d, 0x39, 0xf4, 0x56, 0xd4, 0x7b, + 0x97, 0x79, 0xf4, 0x50, 0xbb, 0xcc, 0xd7, 0x0b, 0x70, 0x46, 0xcb, 0x61, 0x3a, 0xfb, 0xbd, 0x3a, + 0x95, 0x44, 0xac, 0x92, 0x2e, 0x0f, 0x47, 0x31, 0x82, 0xd8, 0x74, 0x3c, 0x9c, 0x82, 0x60, 0x03, + 0x8b, 0xc5, 0x82, 0x91, 0x88, 0x95, 0x98, 0xc9, 0x0a, 0xe9, 0x79, 0xd1, 0x8e, 0x15, 0x06, 0x9d, + 0x5f, 0xf4, 0xb7, 0x88, 0xaf, 0xcd, 0xa6, 0x9d, 0xcf, 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xb3, 0x9c, + 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x89, 0x3b, 0x22, 0xa4, 0x4c, 0x50, 0x50, 0xd9, 0x1d, 0x16, + 0xf4, 0x57, 0xea, 0xee, 0x0e, 0x73, 0xbe, 0x29, 0x0c, 0xfb, 0xff, 0x5a, 0xf0, 0x78, 0xcf, 0xa1, + 0xb8, 0x0f, 0x9b, 0xef, 0x6e, 0x7a, 0xf3, 0x5d, 0xcf, 0xcb, 0xdc, 0x30, 0xde, 0xa2, 0xcf, 0x46, + 0xfc, 0x9f, 0x2c, 0x98, 0xd0, 0xf8, 0xf7, 0xe1, 0x55, 0xbd, 0xf4, 0xab, 0xe6, 0x67, 0x59, 0x55, + 0xba, 0xde, 0xed, 0x4f, 0xd8, 0xbb, 0x71, 0x1f, 0xc6, 0x1c, 0xdb, 0x1f, 0x07, 0x38, 0xbb, 0xef, + 0xc0, 0x30, 0xab, 0xca, 0x1a, 0xe7, 0xe3, 0x4b, 0x49, 0xf3, 0x67, 0xd1, 0xbc, 0xda, 0x97, 0xc2, + 0xfe, 0xc6, 0x58, 0x30, 0x64, 0x05, 0x90, 0xbc, 0x98, 0x4a, 0xf3, 0x9a, 0x08, 0x9f, 0xd3, 0x05, + 0x90, 0x44, 0x3b, 0x56, 0x18, 0x76, 0x0b, 0xa6, 0xd2, 0xc4, 0x17, 0x48, 0x9d, 0xb9, 0xac, 0x07, + 0x7a, 0xcd, 0x59, 0xa8, 0x38, 0xec, 0xa9, 0xe5, 0xb6, 0x93, 0xbd, 0x56, 0x68, 0x4e, 0x02, 0xb0, + 0xc6, 0xb1, 0x7f, 0xc7, 0x82, 0x53, 0x3d, 0x5e, 0x26, 0xc7, 0xb0, 0xc1, 0x44, 0x4b, 0x81, 0x5e, + 0x1b, 0xee, 0x47, 0x61, 0xa4, 0x46, 0xea, 0x8e, 0x74, 0x8a, 0x1a, 0x32, 0x77, 0x81, 0x37, 0x63, + 0x09, 0xb7, 0xff, 0x97, 0x05, 0x27, 0xd2, 0x7d, 0x8d, 0xa9, 0xd4, 0xe4, 0x2f, 0xb3, 0xe0, 0xc5, + 0x6e, 0xb0, 0x43, 0xa2, 0x0e, 0x7d, 0x73, 0xde, 0x6b, 0x25, 0x35, 0xe7, 0xba, 0x30, 0x70, 0x8f, + 0xa7, 0x58, 0x81, 0x96, 0x9a, 0x1a, 0x6d, 0x39, 0x53, 0x6e, 0xe4, 0x39, 0x53, 0xf4, 0xc7, 0x34, + 0x1d, 0x47, 0x8a, 0x25, 0x36, 0xf9, 0xdb, 0x1f, 0x0c, 0x81, 0x8a, 0x2b, 0x66, 0xee, 0xb7, 0x9c, + 0x9c, 0x97, 0xa9, 0x0a, 0xd4, 0xc5, 0x01, 0xee, 0x9e, 0x92, 0x93, 0x61, 0xe8, 0x5e, 0xae, 0x31, + 0x7e, 0x7a, 0x61, 0x1e, 0x12, 0xaa, 0x37, 0xdc, 0xd0, 0x20, 0x6c, 0xe2, 0xd1, 0x9e, 0x34, 0xbd, + 0x1d, 0xc2, 0x1f, 0x1a, 0x4e, 0xf7, 0x64, 0x59, 0x02, 0xb0, 0xc6, 0xa1, 0x3d, 0xa9, 0x79, 0xf5, + 0xba, 0x30, 0xc5, 0x55, 0x4f, 0xe8, 0xe8, 0x60, 0x06, 0xa1, 0x18, 0x5b, 0x41, 0xb0, 0x2d, 0xb4, + 0x53, 0x85, 0x71, 0x39, 0x08, 0xb6, 0x31, 0x83, 0x50, 0x7d, 0xca, 0x0f, 0xa2, 0x16, 0xbb, 0xf6, + 0xa9, 0xa6, 0xb8, 0x08, 0xad, 0x54, 0xe9, 0x53, 0xd7, 0xba, 0x51, 0x70, 0xaf, 0xe7, 0xe8, 0x0c, + 0x0c, 0x23, 0x52, 0xf3, 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd6, 0x85, 0x81, 0x7b, 0x3c, + 0x85, 0xe6, 0xe0, 0x84, 0x8c, 0x0b, 0x97, 0xa9, 0x73, 0xa3, 0xe9, 0x54, 0x1d, 0x9c, 0x06, 0xe3, + 0x2c, 0x3e, 0x95, 0x36, 0x2d, 0x91, 0x35, 0xcb, 0x94, 0x58, 0x43, 0xda, 0xc8, 0x6c, 0x5a, 0xac, + 0x30, 0xec, 0x2f, 0x17, 0xe9, 0xee, 0xd8, 0xa7, 0x7a, 0xee, 0x7d, 0x73, 0x96, 0xa7, 0x67, 0xe4, + 0xd0, 0x00, 0x33, 0xf2, 0x45, 0x18, 0xbb, 0x15, 0x07, 0xbe, 0x72, 0x44, 0x97, 0xfa, 0x3a, 0xa2, + 0x0d, 0xac, 0xde, 0x8e, 0xe8, 0xe1, 0xbc, 0x1c, 0xd1, 0x23, 0x87, 0x74, 0x44, 0x7f, 0xaf, 0x04, + 0xaa, 0xfe, 0xe4, 0x35, 0x92, 0xdc, 0x0e, 0xa2, 0x6d, 0xcf, 0x6f, 0xb0, 0x78, 0xfa, 0x77, 0x2d, + 0x18, 0xe3, 0xeb, 0x65, 0xd9, 0x8c, 0xad, 0xad, 0xe7, 0x54, 0x27, 0x31, 0xc5, 0x6c, 0x66, 0xc3, + 0x60, 0x94, 0xb9, 0x55, 0xc0, 0x04, 0xe1, 0x54, 0x8f, 0xd0, 0xcf, 0x03, 0xc8, 0x73, 0xcb, 0xba, + 0x14, 0x99, 0x4b, 0xf9, 0xf4, 0x0f, 0x93, 0xba, 0xd6, 0x4d, 0x37, 0x14, 0x13, 0x6c, 0x30, 0x44, + 0x5f, 0xcf, 0x5e, 0x8b, 0xf7, 0xf9, 0x63, 0x19, 0x9b, 0x41, 0xa2, 0x8e, 0x31, 0x8c, 0x78, 0x7e, + 0x83, 0xce, 0x13, 0xe1, 0xbb, 0xff, 0x48, 0xaf, 0x5c, 0x94, 0xe5, 0xc0, 0xa9, 0x55, 0x9d, 0xa6, + 0xe3, 0xbb, 0x24, 0x5a, 0xe2, 0xe8, 0xe6, 0x35, 0x37, 0xac, 0x01, 0x4b, 0x42, 0x5d, 0x85, 0x40, + 0x4b, 0x83, 0x14, 0x02, 0x3d, 0xfb, 0x29, 0x98, 0xec, 0xfa, 0x98, 0x07, 0x0a, 0x32, 0x3e, 0x7c, + 0x7c, 0xb2, 0xfd, 0xaf, 0x87, 0xf5, 0xa6, 0x75, 0x2d, 0xa8, 0xf1, 0x72, 0x94, 0x91, 0xfe, 0xa2, + 0x42, 0xf7, 0xcc, 0x71, 0x8a, 0x18, 0x57, 0xe5, 0xa8, 0x46, 0x6c, 0xb2, 0xa4, 0x73, 0x34, 0x74, + 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0x5d, 0x53, 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa5, 0xa2, 0x0c, 0x2f, + 0x1d, 0x3d, 0xca, 0x90, 0xa5, 0xba, 0xf6, 0xaa, 0xb7, 0xf7, 0x1d, 0x0b, 0x26, 0xfc, 0xd4, 0xcc, + 0x15, 0x7e, 0x9c, 0x8d, 0xe3, 0x58, 0x15, 0xbc, 0x7c, 0x71, 0xba, 0x0d, 0x67, 0xf8, 0xf7, 0xda, + 0xd2, 0x4a, 0x07, 0xdc, 0xd2, 0x74, 0x5d, 0xdb, 0xe1, 0x7e, 0x75, 0x6d, 0x91, 0xaf, 0x2a, 0x71, + 0x8f, 0xe4, 0x5e, 0x89, 0x1b, 0x7a, 0x54, 0xe1, 0xbe, 0x09, 0x15, 0x37, 0x22, 0x4e, 0x72, 0xc8, + 0xa2, 0xcc, 0xcc, 0x89, 0x3d, 0x2f, 0x09, 0x60, 0x4d, 0xcb, 0xfe, 0x8f, 0x45, 0x38, 0x29, 0x47, + 0x44, 0x46, 0x60, 0xd1, 0xfd, 0x91, 0xf3, 0xd5, 0xca, 0xad, 0xda, 0x1f, 0x2f, 0x4b, 0x00, 0xd6, + 0x38, 0x54, 0x1f, 0x6b, 0xc7, 0x64, 0x35, 0x24, 0xfe, 0xb2, 0xb7, 0x19, 0x0b, 0xff, 0xa3, 0x5a, + 0x28, 0xd7, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x19, 0xe7, 0x7a, 0x71, 0x9c, 0x0d, 0x68, 0x14, 0xfa, + 0x36, 0x96, 0x70, 0xf4, 0x6b, 0x3d, 0xcb, 0xf9, 0xe7, 0x13, 0xca, 0xdb, 0x15, 0x78, 0x76, 0xc0, + 0x3a, 0xfe, 0x6f, 0x5b, 0x70, 0x62, 0x3b, 0x95, 0x8b, 0x24, 0x45, 0xf2, 0x11, 0xb3, 0x66, 0xd3, + 0x09, 0x4e, 0x7a, 0x0a, 0xa7, 0xdb, 0x63, 0x9c, 0xe5, 0x6e, 0xff, 0x6f, 0x0b, 0x4c, 0xf1, 0x34, + 0x98, 0x66, 0x65, 0x5c, 0xd8, 0x53, 0xd8, 0xe7, 0xc2, 0x1e, 0xa9, 0x84, 0x15, 0x07, 0x53, 0xfa, + 0x87, 0x0e, 0xa0, 0xf4, 0x97, 0xfa, 0x6a, 0x6d, 0x4f, 0x41, 0xb1, 0xed, 0xd5, 0x84, 0xde, 0xae, + 0xbd, 0x8d, 0x4b, 0x0b, 0x98, 0xb6, 0xdb, 0xff, 0xa2, 0xa4, 0xed, 0x74, 0x11, 0x81, 0xfa, 0x63, + 0xf1, 0xda, 0x75, 0x95, 0x04, 0xcd, 0xdf, 0xfc, 0x5a, 0x57, 0x12, 0xf4, 0x4f, 0x1d, 0x3c, 0xc0, + 0x98, 0x0f, 0x50, 0xbf, 0x1c, 0xe8, 0x91, 0x7d, 0xa2, 0x8b, 0x6f, 0x41, 0x99, 0x9a, 0x36, 0xec, + 0xc0, 0xad, 0x9c, 0xea, 0x54, 0xf9, 0xb2, 0x68, 0xbf, 0xbb, 0x37, 0xfd, 0x93, 0x07, 0xef, 0x96, + 0x7c, 0x1a, 0x2b, 0xfa, 0x28, 0x86, 0x0a, 0xfd, 0xcd, 0x02, 0xa1, 0x85, 0xd1, 0x74, 0x5d, 0xc9, + 0x22, 0x09, 0xc8, 0x25, 0xca, 0x5a, 0xf3, 0x41, 0x3e, 0x54, 0xd8, 0x55, 0x22, 0x8c, 0x29, 0xb7, + 0xad, 0xd6, 0x54, 0x38, 0xb2, 0x04, 0xdc, 0xdd, 0x9b, 0x7e, 0xf9, 0xe0, 0x4c, 0xd5, 0xe3, 0x58, + 0xb3, 0xb0, 0xdf, 0x19, 0xd2, 0x73, 0x57, 0xe4, 0xbe, 0xff, 0x58, 0xcc, 0xdd, 0x97, 0x32, 0x73, + 0xf7, 0x7c, 0xd7, 0xdc, 0x9d, 0xd0, 0x57, 0x5e, 0xa4, 0x66, 0xe3, 0xfd, 0xde, 0x60, 0xf7, 0xb7, + 0xe3, 0x99, 0x66, 0xf1, 0x66, 0xdb, 0x8b, 0x48, 0xbc, 0x16, 0xb5, 0x7d, 0xcf, 0x6f, 0x88, 0x4b, + 0xf8, 0x0c, 0xcd, 0x22, 0x05, 0xc6, 0x59, 0x7c, 0x76, 0x81, 0x5f, 0xc7, 0x77, 0x6f, 0x3a, 0x3b, + 0x7c, 0x56, 0x19, 0xe9, 0xc0, 0xeb, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x3d, 0xe6, 0xbb, 0x35, 0x32, + 0x30, 0xe8, 0x9c, 0x68, 0xb2, 0xbb, 0x5b, 0x78, 0x2e, 0xb1, 0x9a, 0x13, 0xfc, 0xc2, 0x16, 0x0e, + 0x43, 0xb7, 0x61, 0x64, 0x93, 0xd7, 0x42, 0xcf, 0xa7, 0xf8, 0x98, 0x28, 0xac, 0xce, 0xea, 0x83, + 0xca, 0x2a, 0xeb, 0x77, 0xf5, 0x4f, 0x2c, 0xb9, 0xd9, 0xef, 0x0f, 0xc1, 0x89, 0xcc, 0xed, 0x1e, + 0xa9, 0x52, 0x28, 0x85, 0x7d, 0x4b, 0xa1, 0x7c, 0x16, 0xa0, 0x46, 0xc2, 0x66, 0xd0, 0x61, 0x6a, + 0xce, 0xd0, 0x81, 0xd5, 0x1c, 0xa5, 0x19, 0x2f, 0x28, 0x2a, 0xd8, 0xa0, 0x28, 0x12, 0xa8, 0x79, + 0x65, 0x95, 0x4c, 0x02, 0xb5, 0x51, 0xff, 0x6f, 0xf8, 0xfe, 0xd6, 0xff, 0xf3, 0xe0, 0x04, 0xef, + 0xa2, 0xca, 0x73, 0x38, 0x44, 0x3a, 0x03, 0x8b, 0x90, 0x5d, 0x48, 0x93, 0xc1, 0x59, 0xba, 0x0f, + 0xf2, 0xf2, 0x1e, 0xf4, 0x31, 0xa8, 0xc8, 0xef, 0x1c, 0x4f, 0x55, 0x74, 0xae, 0x98, 0x9c, 0x06, + 0xec, 0x52, 0x1d, 0xf1, 0xd3, 0xfe, 0x76, 0x81, 0x6a, 0xa5, 0xfc, 0x9f, 0xca, 0xf9, 0x7d, 0x06, + 0x86, 0x9d, 0x76, 0xb2, 0x15, 0x74, 0x55, 0x9f, 0x9f, 0x63, 0xad, 0x58, 0x40, 0xd1, 0x32, 0x0c, + 0xd5, 0x74, 0x1e, 0xe7, 0x41, 0x46, 0x51, 0x1f, 0xf0, 0x39, 0x09, 0xc1, 0x8c, 0x0a, 0x7a, 0x12, + 0x86, 0x12, 0xa7, 0x91, 0xba, 0x48, 0x72, 0xc3, 0x69, 0xc4, 0x98, 0xb5, 0x9a, 0x9b, 0xe6, 0xd0, + 0x3e, 0x9b, 0xe6, 0xcb, 0x30, 0x1e, 0x7b, 0x0d, 0xdf, 0x49, 0xda, 0x11, 0x31, 0x9c, 0x49, 0x3a, + 0x3e, 0xc0, 0x04, 0xe2, 0x34, 0xae, 0xfd, 0x41, 0x05, 0x4e, 0xf7, 0xba, 0xf0, 0x3b, 0xef, 0x68, + 0xf8, 0x5e, 0x3c, 0xee, 0x5f, 0x34, 0x7c, 0x1f, 0xee, 0x4d, 0x23, 0x1a, 0xbe, 0x69, 0x44, 0xc3, + 0x7f, 0xdd, 0x82, 0x8a, 0x0a, 0x02, 0x17, 0x81, 0xac, 0xaf, 0x1f, 0xc3, 0xa5, 0xea, 0x92, 0x85, + 0x88, 0x05, 0x96, 0x7f, 0xb1, 0x66, 0x7e, 0x7c, 0xe1, 0xf1, 0xf7, 0xec, 0xd0, 0x81, 0xc2, 0xe3, + 0x55, 0xee, 0x40, 0x29, 0x8f, 0xdc, 0x81, 0x3e, 0x9f, 0xaa, 0x67, 0xee, 0xc0, 0x77, 0x2c, 0x18, + 0x75, 0xde, 0x6a, 0x47, 0x64, 0x81, 0xec, 0xac, 0x86, 0xb1, 0x10, 0xb0, 0x6f, 0xe4, 0xdf, 0x81, + 0x39, 0xcd, 0x44, 0x94, 0xc9, 0xd5, 0x0d, 0xd8, 0xec, 0x42, 0x2a, 0x57, 0x60, 0x24, 0x8f, 0x5c, + 0x81, 0x5e, 0xdd, 0xd9, 0x37, 0x57, 0xe0, 0x65, 0x18, 0x77, 0x9b, 0x81, 0x4f, 0xd6, 0xa2, 0x20, + 0x09, 0xdc, 0xa0, 0x29, 0x94, 0x69, 0x25, 0x12, 0xe6, 0x4d, 0x20, 0x4e, 0xe3, 0xf6, 0x4b, 0x34, + 0xa8, 0x1c, 0x35, 0xd1, 0x00, 0x1e, 0x50, 0xa2, 0xc1, 0x9f, 0x17, 0x60, 0x7a, 0x9f, 0x8f, 0x8a, + 0x5e, 0x82, 0xb1, 0x20, 0x6a, 0x38, 0xbe, 0xf7, 0x16, 0xcf, 0xf3, 0x2c, 0xa5, 0xcb, 0x70, 0xac, + 0x1a, 0x30, 0x9c, 0xc2, 0x94, 0xa1, 0xc8, 0xc3, 0x7d, 0x42, 0x91, 0x3f, 0x01, 0xa3, 0x09, 0x71, + 0x5a, 0x22, 0xee, 0x42, 0x18, 0x40, 0xda, 0xa1, 0xa4, 0x41, 0xd8, 0xc4, 0xa3, 0xd3, 0x68, 0xc2, + 0x71, 0x5d, 0x12, 0xc7, 0x32, 0xd6, 0x58, 0x1c, 0xce, 0xe4, 0x16, 0xc8, 0xcc, 0xce, 0xbc, 0xe6, + 0x52, 0x2c, 0x70, 0x86, 0x25, 0xed, 0xbc, 0xd3, 0x6c, 0xf2, 0xb4, 0x02, 0x22, 0xaf, 0x86, 0xd6, + 0x55, 0x21, 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x6f, 0x16, 0xe0, 0xa9, 0x7b, 0x8a, 0x97, 0x81, 0xc3, + 0xc0, 0xdb, 0x31, 0x89, 0xb2, 0x0e, 0x99, 0xeb, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x51, 0x0a, 0x43, + 0xe3, 0x8a, 0x99, 0xbc, 0xb3, 0x0e, 0xf8, 0x28, 0xa5, 0x58, 0xe0, 0x0c, 0xcb, 0xec, 0x28, 0x0d, + 0x0d, 0x38, 0x4a, 0xff, 0xa8, 0x00, 0x4f, 0x0f, 0x20, 0x84, 0x73, 0xcc, 0xce, 0x48, 0x67, 0xb7, + 0x14, 0x1f, 0x4c, 0x76, 0xcb, 0x61, 0x87, 0xeb, 0xbd, 0x02, 0x9c, 0xed, 0x2f, 0x0b, 0xd1, 0x4f, + 0x53, 0x23, 0x4a, 0x06, 0x5b, 0x98, 0x99, 0x31, 0xa7, 0xb8, 0x01, 0x95, 0x02, 0xe1, 0x2c, 0x2e, + 0x9a, 0x01, 0x08, 0x9d, 0x64, 0x2b, 0xbe, 0xb8, 0xeb, 0xc5, 0x89, 0xc8, 0xe9, 0x9c, 0xe0, 0x47, + 0xe1, 0xb2, 0x15, 0x1b, 0x18, 0x94, 0x1d, 0xfb, 0xb7, 0x10, 0x5c, 0x0b, 0x12, 0xfe, 0x10, 0xd7, + 0xe3, 0x4e, 0xc9, 0x3a, 0x84, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0xe6, 0x6c, 0xe1, 0x1d, 0x15, + 0xf7, 0xde, 0x53, 0x76, 0xcb, 0xaa, 0x15, 0x1b, 0x18, 0xd9, 0x9c, 0x9f, 0xd2, 0x00, 0x39, 0x3f, + 0xff, 0xac, 0x00, 0x8f, 0xf7, 0xdd, 0x4b, 0x07, 0x5b, 0x80, 0x0f, 0x5f, 0xb2, 0xcf, 0xe1, 0xe6, + 0xce, 0x01, 0x53, 0x58, 0xfe, 0xb4, 0xcf, 0x4c, 0x13, 0x29, 0x2c, 0xd9, 0xad, 0xc2, 0x3a, 0xe8, + 0x56, 0xf1, 0x10, 0x8d, 0x67, 0x57, 0xd6, 0xca, 0xd0, 0x01, 0xb2, 0x56, 0x32, 0x1f, 0xa3, 0x34, + 0xe0, 0x42, 0xfe, 0x7e, 0xff, 0xe1, 0xa5, 0xba, 0xf7, 0x40, 0xc7, 0x53, 0x0b, 0x70, 0xd2, 0xf3, + 0x59, 0x4d, 0xda, 0xf5, 0xf6, 0xa6, 0xc8, 0xf8, 0x2d, 0xa4, 0xaf, 0x5b, 0x5a, 0xca, 0xc0, 0x71, + 0xd7, 0x13, 0x0f, 0x61, 0x16, 0xd1, 0x21, 0x87, 0xf4, 0xb3, 0x50, 0x51, 0xb4, 0x79, 0x64, 0xa4, + 0xfa, 0xa0, 0x5d, 0x91, 0x91, 0xea, 0x6b, 0x1a, 0x58, 0x74, 0x24, 0xb6, 0x49, 0x27, 0x3b, 0x33, + 0xaf, 0x92, 0x0e, 0xf3, 0x92, 0xda, 0x1f, 0x87, 0x31, 0x65, 0x44, 0x0e, 0x5a, 0x33, 0xd5, 0x7e, + 0x67, 0x18, 0xc6, 0x53, 0x95, 0x1d, 0x52, 0x67, 0x36, 0xd6, 0xbe, 0x67, 0x36, 0x2c, 0xd2, 0xb5, + 0xed, 0xcb, 0xaa, 0xc4, 0x46, 0xa4, 0x6b, 0xdb, 0x27, 0x98, 0xc3, 0xa8, 0xe9, 0x5e, 0x8b, 0x3a, + 0xb8, 0xed, 0x8b, 0x88, 0x34, 0x65, 0xba, 0x2f, 0xb0, 0x56, 0x2c, 0xa0, 0xe8, 0x4b, 0x16, 0x8c, + 0xc5, 0xec, 0x40, 0x90, 0x9f, 0x78, 0x89, 0x0f, 0x7a, 0x25, 0x8f, 0x5b, 0x75, 0x45, 0x15, 0x13, + 0xe6, 0xcc, 0x36, 0x5b, 0x70, 0x8a, 0x23, 0xfa, 0xaa, 0x65, 0xde, 0x27, 0x3c, 0x9c, 0x47, 0x24, + 0x65, 0xb6, 0x70, 0x06, 0x3f, 0x2a, 0xb9, 0xf7, 0xb5, 0xc2, 0xfa, 0x9a, 0xf1, 0x91, 0xfb, 0x77, + 0xcd, 0xf8, 0xc7, 0xa0, 0xd2, 0x72, 0x7c, 0xaf, 0x4e, 0xe2, 0x84, 0x9f, 0x10, 0xc9, 0x7a, 0x3e, + 0xb2, 0x11, 0x6b, 0x38, 0xdd, 0xec, 0x62, 0xf6, 0x62, 0x89, 0x71, 0xa4, 0xc3, 0x36, 0xbb, 0x75, + 0xdd, 0x8c, 0x4d, 0x1c, 0xf3, 0xfc, 0x09, 0x1e, 0xe8, 0xf9, 0xd3, 0xe8, 0x3e, 0xe7, 0x4f, 0xff, + 0xc4, 0x82, 0x33, 0x3d, 0xbf, 0xda, 0xc3, 0x1b, 0xa3, 0x64, 0x7f, 0x50, 0x84, 0x53, 0x3d, 0x4a, + 0xb4, 0xa0, 0xce, 0xb1, 0xdd, 0x8f, 0x2d, 0x6a, 0xc0, 0x8c, 0xf7, 0x9d, 0xc4, 0x07, 0x3b, 0xfd, + 0xd5, 0x27, 0xb0, 0xc5, 0xfb, 0x7b, 0x02, 0x6b, 0x4c, 0xcb, 0xa1, 0x07, 0x3a, 0x2d, 0x4b, 0xfb, + 0x4c, 0xcb, 0x0f, 0x8a, 0x60, 0x5c, 0x77, 0x8f, 0xbe, 0x68, 0x96, 0x4d, 0xb2, 0xf2, 0x2a, 0xf1, + 0xc3, 0x89, 0xab, 0xb2, 0x4b, 0xbc, 0x3b, 0xbd, 0xaa, 0x30, 0x65, 0x25, 0x40, 0x61, 0x00, 0x09, + 0xd0, 0x94, 0xf5, 0xa9, 0x8a, 0xf9, 0xd7, 0xa7, 0xaa, 0x64, 0x6b, 0x53, 0xa1, 0xdf, 0xb5, 0x60, + 0xaa, 0xd5, 0xa7, 0x8e, 0x62, 0x3e, 0x65, 0x03, 0xfa, 0x55, 0x69, 0xac, 0x3e, 0x79, 0x67, 0x6f, + 0xba, 0x6f, 0xf9, 0x4a, 0xdc, 0xb7, 0x57, 0xf6, 0xdf, 0xb1, 0xf8, 0x2a, 0xce, 0x7c, 0x05, 0xbd, + 0xcd, 0x5a, 0xf7, 0xd8, 0x66, 0x9f, 0x63, 0x37, 0xb0, 0xd5, 0x2f, 0x13, 0xa7, 0x29, 0xb6, 0x63, + 0xf3, 0x32, 0x35, 0xd6, 0x8e, 0x15, 0x06, 0xbb, 0x33, 0xa1, 0xd9, 0x0c, 0x6e, 0x5f, 0x6c, 0x85, + 0x49, 0x47, 0x6c, 0xcc, 0xfa, 0xce, 0x04, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xf7, 0x0a, 0x7c, 0x06, + 0x0a, 0x27, 0xe5, 0x4b, 0x99, 0x02, 0xdd, 0x83, 0xfb, 0xf7, 0xbe, 0x00, 0xe0, 0xaa, 0xcb, 0x97, + 0xf2, 0xb9, 0x3c, 0x5f, 0x5f, 0xe6, 0x64, 0xde, 0xe8, 0x2e, 0xdb, 0xb0, 0xc1, 0x2f, 0x25, 0x98, + 0x8a, 0xfb, 0x0a, 0xa6, 0xd4, 0x1a, 0x1d, 0xda, 0x67, 0x8d, 0xfe, 0xb9, 0x05, 0x29, 0xf5, 0x02, + 0x85, 0x50, 0xa2, 0xdd, 0xed, 0xe4, 0x73, 0xaf, 0x94, 0x49, 0x9a, 0xca, 0x19, 0x31, 0xed, 0xd9, + 0x4f, 0xcc, 0x19, 0xa1, 0xa6, 0xf0, 0x65, 0x16, 0xf2, 0xb8, 0xfb, 0xcc, 0x64, 0x78, 0x39, 0x08, + 0xb6, 0xb9, 0x0b, 0x44, 0xfb, 0x45, 0xed, 0x97, 0x60, 0xb2, 0xab, 0x53, 0xac, 0x16, 0x6f, 0x20, + 0x2f, 0xd3, 0x32, 0xa6, 0x2b, 0x4b, 0x28, 0xc2, 0x1c, 0x66, 0xbf, 0x67, 0xc1, 0xc9, 0x2c, 0x79, + 0xf4, 0x5d, 0x0b, 0x26, 0xe3, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0xe7, 0xd3, 0x05, 0xc2, 0xdd, + 0x9d, 0xb0, 0xff, 0x42, 0x4c, 0xfe, 0x9b, 0x9e, 0x5f, 0x0b, 0x6e, 0xab, 0x5d, 0xde, 0xea, 0xbb, + 0xcb, 0xd3, 0xf5, 0xe8, 0x6e, 0x91, 0x5a, 0xbb, 0xd9, 0x95, 0xc9, 0xb4, 0x2e, 0xda, 0xb1, 0xc2, + 0x48, 0xdd, 0x5c, 0x5d, 0xdc, 0xf7, 0xe6, 0xea, 0x17, 0x61, 0xcc, 0xbc, 0x30, 0x4e, 0xcc, 0x4b, + 0xa6, 0xdd, 0x9a, 0x77, 0xcb, 0xe1, 0x14, 0x56, 0xe6, 0xca, 0xe0, 0xd2, 0xbe, 0x57, 0x06, 0x3f, + 0x0b, 0x65, 0x71, 0xfd, 0xad, 0x8c, 0x86, 0xe3, 0x69, 0x52, 0xa2, 0x0d, 0x2b, 0x28, 0x95, 0x26, + 0x2d, 0xc7, 0x6f, 0x3b, 0x4d, 0x3a, 0x42, 0x22, 0xb7, 0x53, 0x2d, 0xc3, 0x15, 0x05, 0xc1, 0x06, + 0x16, 0x7d, 0xe3, 0xc4, 0x6b, 0x91, 0xd7, 0x02, 0x5f, 0xc6, 0x91, 0xe8, 0x03, 0x62, 0xd1, 0x8e, + 0x15, 0x86, 0xfd, 0x3f, 0x2c, 0xc8, 0xde, 0xdd, 0x99, 0x3a, 0x32, 0xb0, 0xf6, 0xcd, 0x27, 0x4d, + 0x67, 0xa3, 0x15, 0x06, 0xca, 0x46, 0x33, 0x13, 0xc5, 0x8a, 0xf7, 0x4c, 0x14, 0xfb, 0x09, 0x7d, + 0xa3, 0x03, 0xcf, 0x28, 0x1b, 0xed, 0x75, 0x9b, 0x03, 0xb2, 0x61, 0xd8, 0x75, 0x54, 0xc5, 0x81, + 0x31, 0xae, 0x88, 0xcf, 0xcf, 0x31, 0x24, 0x01, 0xa9, 0x6e, 0xbe, 0xff, 0xc3, 0x73, 0x8f, 0x7c, + 0xff, 0x87, 0xe7, 0x1e, 0xf9, 0xe3, 0x1f, 0x9e, 0x7b, 0xe4, 0x4b, 0x77, 0xce, 0x59, 0xef, 0xdf, + 0x39, 0x67, 0x7d, 0xff, 0xce, 0x39, 0xeb, 0x8f, 0xef, 0x9c, 0xb3, 0x3e, 0xb8, 0x73, 0xce, 0xfa, + 0xce, 0x7f, 0x3d, 0xf7, 0xc8, 0x6b, 0x3d, 0xe3, 0x7e, 0xe8, 0x8f, 0xe7, 0xdd, 0xda, 0xec, 0xce, + 0x05, 0x16, 0x7a, 0x42, 0x57, 0xc3, 0xac, 0x31, 0x05, 0x66, 0xe5, 0x6a, 0xf8, 0xcb, 0x00, 0x00, + 0x00, 0xff, 0xff, 0x4c, 0x1e, 0x1a, 0xeb, 0xa9, 0xc3, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5125,6 +5157,38 @@ func (m *ApplicationMatchExpression) MarshalToSizedBuffer(dAtA []byte) (int, err return len(dAtA) - i, nil } +func (m *ApplicationPreservedFields) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationPreservedFields) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationPreservedFields) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Annotations) > 0 { + for iNdEx := len(m.Annotations) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Annotations[iNdEx]) + copy(dAtA[i:], m.Annotations[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Annotations[iNdEx]))) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *ApplicationSet) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -5703,6 +5767,18 @@ func (m *ApplicationSetSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.PreservedFields != nil { + { + size, err := m.PreservedFields.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 + } if m.Strategy != nil { { size, err := m.Strategy.MarshalToSizedBuffer(dAtA[:i]) @@ -6438,6 +6514,11 @@ func (m *ApplicationSourceKustomize) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x4a i-- if m.ForceCommonAnnotations { dAtA[i] = 1 @@ -12761,6 +12842,21 @@ func (m *ApplicationMatchExpression) Size() (n int) { return n } +func (m *ApplicationPreservedFields) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Annotations) > 0 { + for _, s := range m.Annotations { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + func (m *ApplicationSet) Size() (n int) { if m == nil { return 0 @@ -12982,6 +13078,10 @@ func (m *ApplicationSetSpec) Size() (n int) { l = m.Strategy.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.PreservedFields != nil { + l = m.PreservedFields.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13262,6 +13362,8 @@ func (m *ApplicationSourceKustomize) Size() (n int) { } n += 2 n += 2 + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -15723,6 +15825,16 @@ func (this *ApplicationMatchExpression) String() string { }, "") return s } +func (this *ApplicationPreservedFields) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ApplicationPreservedFields{`, + `Annotations:` + fmt.Sprintf("%v", this.Annotations) + `,`, + `}`, + }, "") + return s +} func (this *ApplicationSet) String() string { if this == nil { return "nil" @@ -15861,6 +15973,7 @@ func (this *ApplicationSetSpec) String() string { `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, `SyncPolicy:` + strings.Replace(this.SyncPolicy.String(), "ApplicationSetSyncPolicy", "ApplicationSetSyncPolicy", 1) + `,`, `Strategy:` + strings.Replace(this.Strategy.String(), "ApplicationSetStrategy", "ApplicationSetStrategy", 1) + `,`, + `PreservedFields:` + strings.Replace(this.PreservedFields.String(), "ApplicationPreservedFields", "ApplicationPreservedFields", 1) + `,`, `}`, }, "") return s @@ -16081,6 +16194,7 @@ func (this *ApplicationSourceKustomize) String() string { `CommonAnnotations:` + mapStringForCommonAnnotations + `,`, `ForceCommonLabels:` + fmt.Sprintf("%v", this.ForceCommonLabels) + `,`, `ForceCommonAnnotations:` + fmt.Sprintf("%v", this.ForceCommonAnnotations) + `,`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, `}`, }, "") return s @@ -19557,6 +19671,88 @@ func (m *ApplicationMatchExpression) Unmarshal(dAtA []byte) error { } return nil } +func (m *ApplicationPreservedFields) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationPreservedFields: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationPreservedFields: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Annotations = append(m.Annotations, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ApplicationSet) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -21391,6 +21587,42 @@ func (m *ApplicationSetSpec) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PreservedFields", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.PreservedFields == nil { + m.PreservedFields = &ApplicationPreservedFields{} + } + if err := m.PreservedFields.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -23928,6 +24160,38 @@ func (m *ApplicationSourceKustomize) Unmarshal(dAtA []byte) error { } } m.ForceCommonAnnotations = bool(v != 0) + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 729f684b2d101..c5dadd0e5c444 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -157,6 +157,10 @@ message ApplicationMatchExpression { repeated string values = 3; } +message ApplicationPreservedFields { + repeated string annotations = 1; +} + // ApplicationSet is a set of Application resources // +genclient // +genclient:noStatus @@ -284,6 +288,8 @@ message ApplicationSetSpec { optional ApplicationSetSyncPolicy syncPolicy = 4; optional ApplicationSetStrategy strategy = 5; + + optional ApplicationPreservedFields preservedFields = 6; } // ApplicationSetStatus defines the observed state of ApplicationSet @@ -462,6 +468,9 @@ message ApplicationSourceKustomize { // ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps optional bool forceCommonAnnotations = 8; + + // Namespace sets the namespace that Kustomize adds to all resources + optional string namespace = 9; } // ApplicationSourcePlugin holds options specific to config management plugins diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index e9c422a9fdfee..a1089b73dfcf7 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -24,6 +24,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination": schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationList": schema_pkg_apis_application_v1alpha1_ApplicationList(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationMatchExpression": schema_pkg_apis_application_v1alpha1_ApplicationMatchExpression(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields": schema_pkg_apis_application_v1alpha1_ApplicationPreservedFields(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSet": schema_pkg_apis_application_v1alpha1_ApplicationSet(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus": schema_pkg_apis_application_v1alpha1_ApplicationSetApplicationStatus(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition": schema_pkg_apis_application_v1alpha1_ApplicationSetCondition(ref), @@ -694,6 +695,32 @@ func schema_pkg_apis_application_v1alpha1_ApplicationMatchExpression(ref common. } } +func schema_pkg_apis_application_v1alpha1_ApplicationPreservedFields(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "annotations": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_ApplicationSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -1124,12 +1151,17 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetSpec(ref common.Referenc Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetStrategy"), }, }, + "preservedFields": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields"), + }, + }, }, Required: []string{"generators", "template"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetStrategy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetSyncPolicy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetStrategy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetSyncPolicy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"}, } } @@ -1729,6 +1761,13 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceKustomize(ref common. Format: "", }, }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "Namespace sets the namespace that Kustomize adds to all resources", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 442f786dbe103..88b0e92c70e8b 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -445,6 +445,8 @@ type ApplicationSourceKustomize struct { ForceCommonLabels bool `json:"forceCommonLabels,omitempty" protobuf:"bytes,7,opt,name=forceCommonLabels"` // ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps ForceCommonAnnotations bool `json:"forceCommonAnnotations,omitempty" protobuf:"bytes,8,opt,name=forceCommonAnnotations"` + // Namespace sets the namespace that Kustomize adds to all resources + Namespace string `json:"namespace,omitempty" protobuf:"bytes,9,opt,name=namespace"` } // AllowsConcurrentProcessing returns true if multiple processes can run Kustomize builds on the same source at the same time @@ -452,6 +454,7 @@ func (k *ApplicationSourceKustomize) AllowsConcurrentProcessing() bool { return len(k.Images) == 0 && len(k.CommonLabels) == 0 && k.NamePrefix == "" && + k.Namespace == "" && k.NameSuffix == "" } @@ -461,6 +464,7 @@ func (k *ApplicationSourceKustomize) IsZero() bool { k.NamePrefix == "" && k.NameSuffix == "" && k.Version == "" && + k.Namespace == "" && len(k.Images) == 0 && len(k.CommonLabels) == 0 && len(k.CommonAnnotations) == 0 diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 15cc07f3c19f3..d681700a095d2 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -315,6 +315,27 @@ func (in *ApplicationMatchExpression) DeepCopy() *ApplicationMatchExpression { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationPreservedFields) DeepCopyInto(out *ApplicationPreservedFields) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationPreservedFields. +func (in *ApplicationPreservedFields) DeepCopy() *ApplicationPreservedFields { + if in == nil { + return nil + } + out := new(ApplicationPreservedFields) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSet) DeepCopyInto(out *ApplicationSet) { *out = *in @@ -632,6 +653,11 @@ func (in *ApplicationSetSpec) DeepCopyInto(out *ApplicationSetSpec) { *out = new(ApplicationSetStrategy) (*in).DeepCopyInto(*out) } + if in.PreservedFields != nil { + in, out := &in.PreservedFields, &out.PreservedFields + *out = new(ApplicationPreservedFields) + (*in).DeepCopyInto(*out) + } return } diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 4bf2f52c2cb25..888b6ff7f1442 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/redis:7.0.8@sha256:6a59f1cbb8d28ac484176d52c473494859a512ddba3ea62a547258cf16c9b3ae as redis +FROM docker.io/library/redis:7.0.9@sha256:e50c7e23f79ae81351beacb20e004720d4bed657415e68c2b1a2b5557c075ce0 as redis # There are libraries we will want to copy from here in the final stage of the # build, but the COPY directive does not have a way to determine system @@ -11,9 +11,9 @@ FROM docker.io/library/golang:1.19.6@sha256:7ce31d15a3a4dbf20446cccffa4020d3a297 FROM docker.io/library/registry:2.8@sha256:3f71055ad7c41728e381190fee5c4cf9b8f7725839dcf5c0fe3e5e20dc5db1fa as registry -FROM docker.io/bitnami/kubectl:1.26@sha256:625467eb8c3a3d60232923404941c32e787eb9003e644d0fa8258b0efa7f6a7f as kubectl +FROM docker.io/bitnami/kubectl:1.26@sha256:90d54ce960bf00b6d06cf1c69075a120d88e9f3237096b237c0a5efcacd5ed0b as kubectl -FROM ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +FROM docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index f9f3a71282644..8ec69a47bc8ab 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -89,7 +89,7 @@ func TestNamespacedGetLogsDenySwitchOn(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - _, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + _, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) @@ -143,17 +143,17 @@ func TestNamespacedGetLogsAllowSwitchOnNS(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Service") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) @@ -202,17 +202,17 @@ func TestNamespacedGetLogsAllowSwitchOff(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", ctx.AppQualifiedName(), "--kind", "Service") + out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) @@ -2306,17 +2306,17 @@ func TestNamespacedAppLogs(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", app.QualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.QualifiedName(), "--kind", "Pod") + out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.QualifiedName(), "--kind", "Service") + out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index a1152d0f6495b..873b174d0af31 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -48,6 +48,7 @@ const ( guestbookPathLocal = "./testdata/guestbook_local" globalWithNoNameSpace = "global-with-no-namespace" guestbookWithNamespace = "guestbook-with-namespace" + appLogsRetryCount = 5 ) // This empty test is here only for clarity, to conform to logs rbac tests structure in account. This exact usecase is covered in the TestAppLogs test @@ -94,7 +95,7 @@ func TestGetLogsDenySwitchOn(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - _, err := RunCli("app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + _, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) @@ -145,17 +146,17 @@ func TestGetLogsAllowSwitchOn(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Pod") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Service") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) @@ -202,17 +203,17 @@ func TestGetLogsAllowSwitchOff(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Pod") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Service") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) @@ -2007,17 +2008,17 @@ func TestAppLogs(t *testing.T) { Then(). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Pod") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { - out, err := RunCli("app", "logs", app.Name, "--kind", "Service") + out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index 0d758c8abbe74..be1c75221cce1 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -650,6 +650,19 @@ func EnsureCleanState(t *testing.T) { log.WithFields(log.Fields{"duration": time.Since(start), "name": t.Name(), "id": id, "username": "admin", "password": "password"}).Info("clean state") } +func RunCliWithRetry(maxRetries int, args ...string) (string, error) { + var out string + var err error + for i := 0; i < maxRetries; i++ { + out, err = RunCli(args...) + if err == nil { + break + } + time.Sleep(time.Second) + } + return out, err +} + func RunCli(args ...string) (string, error) { return RunCliWithStdin("", args...) } diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 41667d28f8176..31aa01f2d3b46 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox +FROM docker.io/library/busybox@sha256:7b3ccabffc97de872a30dfd234fd972a66d247c8cfc69b0550f276481852627c CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 9786584bb4e1b..b58a1463a224e 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM golang:1.19 AS go +FROM docker.io/library/golang:1.19.6@sha256:7ce31d15a3a4dbf20446cccffa4020d3a2974ad2287d96123f55caf22c7adb71 AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index a58d05f23fda4..f5708b7044e65 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM node:12.18.4 AS node +FROM docker.io/library/node:12.18.4@sha256:8cfe7e8dc60095a4f9d25a3f0f208503559fa033a15e2ddd87dee85bec101a2e AS node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index f5b4682150de9..dc90a8b3b31a4 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -571,7 +571,7 @@ export class ApplicationDetails extends React.Component AppUtils.showDeploy(null, this.appContext.apis)} + hide={() => AppUtils.showDeploy(null, null, this.appContext.apis)} selectedResource={syncResourceKey} /> -1} onClose={() => this.setRollbackPanelVisible(-1)}> @@ -671,7 +671,7 @@ export class ApplicationDetails extends React.Component, - action: () => AppUtils.showDeploy('all', this.appContext.apis) + action: () => AppUtils.showDeploy('all', null, this.appContext.apis) }, { iconClassName: 'fa fa-info-circle', diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index c2425a6e3ee83..301f31e183ca2 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -145,6 +145,12 @@ export const ApplicationParameters = (props: { edit: (formApi: FormApi) => }); + attributes.push({ + title: 'NAMESPACE', + view: app.spec.source.kustomize && app.spec.source.kustomize.namespace, + edit: (formApi: FormApi) => + }); + const srcImages = ((props.details && props.details.kustomize && props.details.kustomize.images) || []).map(val => kustomize.parse(val)); const images = ((source.kustomize && source.kustomize.images) || []).map(val => kustomize.parse(val)); diff --git a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx index 89142887d9a86..884cdd4eb85ff 100644 --- a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx +++ b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx @@ -48,7 +48,7 @@ export const ApplicationSyncPanel = ({application, selectedResource, hide}: {app {isVisible && (
      i === syncResIndex || syncResIndex === -1), syncOptions: application.spec.syncPolicy ? application.spec.syncPolicy.syncOptions : [] }} diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index ce0a2583ad6c4..7e4fed73cbd17 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -261,8 +261,8 @@ export const ComparisonStatusIcon = ({ ); }; -export function showDeploy(resource: string, apis: ContextApis) { - apis.navigation.goto('.', {deploy: resource}, {replace: true}); +export function showDeploy(resource: string, revision: string, apis: ContextApis) { + apis.navigation.goto('.', {deploy: resource, revision}, {replace: true}); } export function findChildPod(node: appModels.ResourceNode, tree: appModels.ApplicationTree): appModels.ResourceNode { @@ -437,7 +437,7 @@ function getActionItems( { title: 'Sync', iconClassName: 'fa fa-sync', - action: () => showDeploy(nodeKey(resource), apis) + action: () => showDeploy(nodeKey(resource), null, apis) } ]) || []), diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index 0c5f820d496ae..027d3aaf55e62 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -205,6 +205,7 @@ export interface ApplicationSourceKustomize { nameSuffix: string; images: string[]; version: string; + namespace: string; } export interface EnvEntry { name: string; @@ -612,6 +613,7 @@ export interface HelmAppSpec { export interface KustomizeAppSpec { path: string; images?: string[]; + namespace?: string; } export interface PluginAppSpec { diff --git a/util/io/bytereadseeker_test.go b/util/io/bytereadseeker_test.go index 5784d563e9f5c..d8f9a9a99ffd3 100644 --- a/util/io/bytereadseeker_test.go +++ b/util/io/bytereadseeker_test.go @@ -68,4 +68,4 @@ func TestByteReadSeeker_Seek_OutOfBounds(t *testing.T) { assert.Error(t, err) _, err = reader.Seek(-1, io.SeekStart) assert.Error(t, err) -} \ No newline at end of file +} diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go index ff2cf3b8e8867..f5f5d8f4303a1 100644 --- a/util/kustomize/kustomize.go +++ b/util/kustomize/kustomize.go @@ -145,6 +145,15 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp return nil, nil, err } } + + if opts.Namespace != "" { + cmd := exec.Command(k.getBinaryPath(), "edit", "set", "namespace", "--", opts.Namespace) + cmd.Dir = k.path + _, err := executil.Run(cmd) + if err != nil { + return nil, nil, err + } + } } var cmd *exec.Cmd diff --git a/util/kustomize/kustomize_test.go b/util/kustomize/kustomize_test.go index ec465c14abe73..9a0be698424a9 100644 --- a/util/kustomize/kustomize_test.go +++ b/util/kustomize/kustomize_test.go @@ -34,6 +34,7 @@ func TestKustomizeBuild(t *testing.T) { assert.Nil(t, err) namePrefix := "namePrefix-" nameSuffix := "-nameSuffix" + namespace := "custom-namespace" kustomize := NewKustomizeApp(appPath, git.NopCreds{}, "", "") kustomizeSource := v1alpha1.ApplicationSourceKustomize{ NamePrefix: namePrefix, @@ -47,6 +48,7 @@ func TestKustomizeBuild(t *testing.T) { "app.kubernetes.io/managed-by": "argo-cd", "app.kubernetes.io/part-of": "argo-cd-tests", }, + Namespace: namespace, } objs, images, err := kustomize.Build(&kustomizeSource, nil, nil) assert.Nil(t, err) @@ -67,6 +69,7 @@ func TestKustomizeBuild(t *testing.T) { "app.kubernetes.io/managed-by": "argo-cd", "app.kubernetes.io/part-of": "argo-cd-tests", }, obj.GetAnnotations()) + assert.Equal(t, namespace, obj.GetNamespace()) case "Deployment": assert.Equal(t, namePrefix+"nginx-deployment"+nameSuffix, obj.GetName()) assert.Equal(t, map[string]string{ @@ -78,6 +81,7 @@ func TestKustomizeBuild(t *testing.T) { "app.kubernetes.io/managed-by": "argo-cd", "app.kubernetes.io/part-of": "argo-cd-tests", }, obj.GetAnnotations()) + assert.Equal(t, namespace, obj.GetNamespace()) } }