From 3e25bdab268c2aa06d5bafb891157d73a2ff08c4 Mon Sep 17 00:00:00 2001
From: cleverhu
Date: Fri, 21 Oct 2022 23:55:23 +0800
Subject: [PATCH 001/304] chore: increase liveness timeout (#10730) Fix: https://github.com/argoproj/argo-cd/issues/10728 Signed-off-by: cleverhu Signed-off-by: cleverhu Signed-off-by: emirot
---
manifests/base/repo-server/argocd-repo-server-deployment.yaml | 3 ++- manifests/base/server/argocd-server-deployment.yaml | 1 + manifests/core-install.yaml | 3 ++- manifests/ha/install.yaml | 4 +++- manifests/ha/namespace-install.yaml | 4 +++- manifests/install.yaml | 4 +++- manifests/namespace-install.yaml | 4 +++- 7 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
index e698fe6dd56e3..4966ff9e65ae8 100644
--- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml
+++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
@@ -157,8 +157,9 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 failureThreshold: 3 + timeoutSeconds: 5 readinessProbe: httpGet: path: /healthz
diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml
index 9036691528fac..3f5c6c5c2bd64 100644
--- a/manifests/base/server/argocd-server-deployment.yaml
+++ b/manifests/base/server/argocd-server-deployment.yaml
@@ -230,6 +230,7 @@ spec: port: 8080 initialDelaySeconds: 3 periodSeconds: 30 + timeoutSeconds: 5 readinessProbe: httpGet: path: /healthz
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index e9ca6e1f56604..bbd8f3cc3a932 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
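Review bot: In the repo-server livenessProbe hunk of argocd-repo-server-deployment.yaml, `periodSeconds` goes from 5 to 30 while `failureThreshold: 3` stays, so a wedged repo-server is restarted only after something on the order of 90 seconds of failed probes rather than about 15; the commit title mentions only the timeout. If the slower cadence is intended, record the reasoning next to the fields, e.g. `# probe every 30s, 5s per attempt; 3 consecutive failures (~90s) restart the container`. The argocd-server hunk adds `timeoutSeconds: 5` with no `failureThreshold` among the lines shown, so it appears to rely on the Kubernetes default; setting it explicitly would keep the two probes consistent. Both probe blocks start outside their hunks.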
@@ -9961,7 +9961,8 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index de7c1289ad28b..d22dd2eb073b8 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -11412,7 +11412,8 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 @@ -11736,6 +11737,7 @@ spec: port: 8080 initialDelaySeconds: 3 periodSeconds: 30 + timeoutSeconds: 5 name: argocd-server ports: - containerPort: 8080 diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 9a06ed3f0c245..ed1cf578989ab 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -2078,7 +2078,8 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 @@ -2402,6 +2403,7 @@ spec: port: 8080 initialDelaySeconds: 3 periodSeconds: 30 + timeoutSeconds: 5 name: argocd-server ports: - containerPort: 8080 diff --git a/manifests/install.yaml b/manifests/install.yaml index a4644f020deff..a713fb387940a 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -10439,7 +10439,8 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 @@ -10759,6 +10760,7 @@ spec: port: 8080 initialDelaySeconds: 3 periodSeconds: 30 + timeoutSeconds: 5 name: argocd-server ports: - containerPort: 8080 diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index daf547f34a7f3..7db9f5497cba6 100644 --- a/manifests/namespace-install.yaml 
+++ b/manifests/namespace-install.yaml @@ -1105,7 +1105,8 @@ spec: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 - periodSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 @@ -1425,6 +1426,7 @@ spec: port: 8080 initialDelaySeconds: 3 periodSeconds: 30 + timeoutSeconds: 5 name: argocd-server ports: - containerPort: 8080 From 04ca6da40a863d10fde6e4f72fd75dc8bee65f5d Mon Sep 17 00:00:00 2001 From: Nolan Emirot Date: Fri, 21 Oct 2022 09:18:51 -0700 Subject: [PATCH 002/304] test: simplify bcrypt test (#11013) * chore: wrap errors with message (#10592) (#10986) * issue-10592 Wrap errors with message Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: Apoorva Mahabaleshwara * issue-10592 remove unwanted error wrappers Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: Apoorva Mahabaleshwara * chore: fix error wrapper messages Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: Apoorva Mahabaleshwara Co-authored-by: Apoorva Mahabaleshwara Signed-off-by: emirot * test: simplify test Signed-off-by: emirot Signed-off-by: emirot * trigger ci Signed-off-by: emirot * feat: sort resource list by created_at, add message to AnalysisRun and replicas to ReplicaSet (#10613) * Misc UI Improvements: sort by created at in resource list view, add message to AnalysisRun and replicas to Replicaset Signed-off-by: Alex Eftimie * Address PR comments Signed-off-by: Alex Eftimie * No underscore needed in created_at. Add space between icon and message in health details for non-controlled resources Signed-off-by: Alex Eftimie * Guard section Signed-off-by: Alex Eftimie Signed-off-by: Alex Eftimie Co-authored-by: Remington Breeze Signed-off-by: emirot * chore: fix e2e (#11005) * chore: fix e2e Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * more config Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * global 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: Apoorva Mahabaleshwara Signed-off-by: emirot Signed-off-by: emirot Signed-off-by: Alex Eftimie Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: apoorvam1 Co-authored-by: Apoorva Mahabaleshwara Co-authored-by: emirot Co-authored-by: Alex Eftimie Co-authored-by: Remington Breeze Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot
---
cmd/argocd/commands/bcrypt.go | 5 +-- cmd/argocd/commands/bcrypt_test.go | 53 ++++-------------------------- 2 files changed, 9 insertions(+), 49 deletions(-)
diff --git a/cmd/argocd/commands/bcrypt.go b/cmd/argocd/commands/bcrypt.go
index 2b798e0fa9a1c..2aaf94fe9450d 100644
--- a/cmd/argocd/commands/bcrypt.go
+++ b/cmd/argocd/commands/bcrypt.go
@@ -2,9 +2,10 @@ package commands import ( "fmt" + "log" + "github.com/spf13/cobra" "golang.org/x/crypto/bcrypt" - "log" ) // bcryptCmd represents the bcrypt command
@@ -22,7 +23,7 @@ func NewBcryptCmd() *cobra.Command { if err != nil { log.Fatalf("Failed to genarate bcrypt hash: %v", err) } - fmt.Println(string(hash)) + fmt.Fprint(cmd.OutOrStdout(), string(hash)) }, }
diff --git a/cmd/argocd/commands/bcrypt_test.go b/cmd/argocd/commands/bcrypt_test.go
index ea26270be0d1a..c5949977a1425 100644
--- a/cmd/argocd/commands/bcrypt_test.go
+++ b/cmd/argocd/commands/bcrypt_test.go
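Review bot: In bcrypt.go, replacing `fmt.Println(string(hash))` with `fmt.Fprint(cmd.OutOrStdout(), string(hash))` also drops the trailing newline, so interactive users get the hash run together with the next shell prompt. If only the writer redirection was intended, use `fmt.Fprintln(cmd.OutOrStdout(), string(hash))` and have the test strip the newline with `bytes.TrimSpace(output.Bytes())` before comparing. The context line `log.Fatalf("Failed to genarate bcrypt hash: %v", err)` misspells "generate" and exits the process from inside the Run function, which would terminate a test binary rather than fail the test. NewBcryptCmd starts before and ends after this hunk.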
@@ -1,63 +1,22 @@ package commands import ( + "bytes" + "testing" + "github.com/stretchr/testify/assert" "golang.org/x/crypto/bcrypt" - "io" - "os" - "strings" - "testing" ) -// capture replaces os.Stdout with a writer that buffers any data written -// to os.Stdout. Call the returned function to clean up and get the data -// as a string. -func capture() func() (string, error) { - r, w, err := os.Pipe() - if err != nil { - panic(err) - } - - done := make(chan error, 1) - - save := os.Stdout - os.Stdout = w - - var buf strings.Builder - - go func() { - _, err = io.Copy(&buf, r) - err = r.Close() - if err != nil { - return - } - done <- err - }() - - return func() (string, error) { - os.Stdout = save - err := w.Close() - if err != nil { - return "", err - } - err = <-done - return buf.String(), err - } -} - func TestGeneratePassword(t *testing.T) { - - done := capture() bcryptCmd := NewBcryptCmd() - bcryptCmd.SetArgs([]string{"--password", "abc"}) + output := new(bytes.Buffer) + bcryptCmd.SetOutput(output) err := bcryptCmd.Execute() if err != nil { return } - capturedOutput, err := done() - assert.NoError(t, err) - - err = bcrypt.CompareHashAndPassword([]byte(capturedOutput), []byte("abc")) + err = bcrypt.CompareHashAndPassword(output.Bytes(), []byte("abc")) assert.NoError(t, err) }
From c064fb9735c308852b7f492d2a7201e8c8638623 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20S=C3=B6derberg?=
Date: Fri, 21 Oct 2022 18:39:39 +0200
Subject: [PATCH 003/304] feat: add labels and annotations to cluster details page (#9707) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marcus Söderberg Signed-off-by: Marcus Söderberg Signed-off-by: emirot
---
.../cluster-details/cluster-details.tsx | 20 +++++++++++++++++-- ui/src/app/shared/models.ts | 2 ++ 2 files changed, 20 insertions(+), 2 deletions(-)
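Review bot: TestGeneratePassword in bcrypt_test.go still returns silently when `bcryptCmd.Execute()` fails (`if err != nil { return }`), so the test passes without ever checking a hash; replace that branch with `assert.NoError(t, err)`, or `require.NoError` to stop immediately. `bcryptCmd.SetOutput(output)` uses a setter that cobra marks deprecated in favour of `SetOut`/`SetErr`; `bcryptCmd.SetOut(output)` is enough because the command writes through `cmd.OutOrStdout()`. The `SetArgs` line also shows the secret being passed as a `--password` argument, which exposes it to process listings and shell history; reading it from stdin or a prompt would be a worthwhile follow-up outside this change.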
diff --git a/ui/src/app/settings/components/cluster-details/cluster-details.tsx b/ui/src/app/settings/components/cluster-details/cluster-details.tsx
index 2b4824adee790..9e1a7a7923e9f 100644
--- a/ui/src/app/settings/components/cluster-details/cluster-details.tsx
+++ b/ui/src/app/settings/components/cluster-details/cluster-details.tsx
@@ -7,7 +7,7 @@ import {from, timer} from 'rxjs'; import {mergeMap} from 'rxjs/operators'; import {FormField, Ticker} from 'argo-ui'; -import {ConnectionStateIcon, DataLoader, EditablePanel, Page, Timestamp} from '../../../shared/components'; +import {ConnectionStateIcon, DataLoader, EditablePanel, Page, Timestamp, MapInputField} from '../../../shared/components'; import {Cluster} from '../../../shared/models'; import {services} from '../../../shared/services';
@@ -59,7 +59,9 @@ export const ClusterDetails = (props: RouteComponentProps<{server: string}>) => const item = await services.clusters.get(updated.server, ''); item.name = updated.name; item.namespaces = updated.namespaces; - loaderRef.current.setData(await services.clusters.update(item, 'name', 'namespaces')); + item.labels = updated.labels; + item.annotations = updated.annotations; + loaderRef.current.setData(await services.clusters.update(item, 'name', 'namespaces', 'labels', 'annotations')); }} title='GENERAL' items={[
@@ -83,6 +85,20 @@ export const ClusterDetails = (props: RouteComponentProps<{server: string}>) => title: 'NAMESPACES', view: ((cluster.namespaces || []).length === 0 && 'All namespaces') || cluster.namespaces.join(', '), edit: formApi => + }, + { + title: 'LABELS', + view: Object.keys(cluster.labels || []) + .map(label => `${label}=${cluster.labels[label]}`) + .join(' '), + edit: formApi => + }, + { + title: 'ANNOTATIONS', + view: Object.keys(cluster.annotations || []) + .map(annotation => `${annotation}=${cluster.annotations[annotation]}`) + .join(' '), + edit: formApi => } ]} />
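Review bot: In cluster-details.tsx the new LABELS and ANNOTATIONS items call `Object.keys(cluster.labels || [])` and `Object.keys(cluster.annotations || [])`; the fallback for a string map should be an object, `Object.keys(cluster.labels || {})`, which also matches the `{[name: string]: string}` type this commit adds to Cluster. The array fallback looks copied from the NAMESPACES item just above, where the field really is an array. The two `view` expressions are identical apart from the field, so a small helper such as `formatMap(cluster.labels)` would remove the duplication. The items array continues outside this hunk.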
diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts
index 7c463173b79c9..956ec4c315085 100644
--- a/ui/src/app/shared/models.ts
+++ b/ui/src/app/shared/models.ts
@@ -533,6 +533,8 @@ export interface Cluster { connectionState: ConnectionState; cacheInfo: ClusterCacheInfo; }; + annotations?: {[name: string]: string}; + labels?: {[name: string]: string}; } export interface ClusterCacheInfo {
From 60ed5d95598fa97cb536c9bb1e37583a634742ab Mon Sep 17 00:00:00 2001
From: emirot
Date: Fri, 21 Oct 2022 20:39:13 -0700
Subject: [PATCH 004/304] tests(server): add test for list repositories Signed-off-by: emirot
---
server/repository/repository_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go
index a76d373976f7b..cc41a01507798 100644
--- a/server/repository/repository_test.go
+++ b/server/repository/repository_test.go
@@ -278,7 +278,23 @@ func TestRepositoryServer(t *testing.T) { assert.Nil(t, err) assert.Equal(t, repo.Repo, "test") }) + t.Run("Test_ListRepositories", func(t *testing.T) { + repoServerClient := mocks.RepoServerServiceClient{} + repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) + repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} + enforcer := newEnforcer(kubeclientset) + url := "https://test" + db := &dbmocks.ArgoDB{} + db.On("GetRepository", context.TODO(), url).Return(nil, nil) + db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) + db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&l, &l}, nil) + + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, settingsMgr) + resp, err := s.ListRepositories(context.TODO(), &repository.RepoQuery{}) + assert.NoError(t, err) + assert.Equal(t, 2, len(resp.Items)) + }) } func TestRepositoryServerListApps(t *testing.T) {
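Review bot: Test_ListRepositories in repository_test.go asserts only `len(resp.Items)`, so it would still pass if the handler returned the wrong repositories or, given that an enforcer is passed to `NewServer`, stopped filtering by permission. Consider asserting on the returned `Repo` values and adding a case where the enforcer denies access and the list comes back empty; whether ListRepositories filters per RBAC is not visible in this hunk, so confirm against the handler. The `TestRepository` and `GetRepository` expectations, and the `url` variable that only feeds the latter, look unused on this path and could be dropped if so. `assert.Len(t, resp.Items, 2)` reads better than `assert.Equal(t, 2, len(resp.Items))`. TestRepositoryServer starts outside the hunk.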
From 1183558f9973111b7d60541b38627628c5c70ac5 Mon Sep 17 00:00:00 2001
From: emirot
Date: Fri, 21 Oct 2022 20:49:50 -0700
Subject: [PATCH 005/304] tests(server): add test for list repositories Signed-off-by: emirot
---
server/repository/repository_test.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go
index cc41a01507798..b62401fe9d77c 100644
--- a/server/repository/repository_test.go
+++ b/server/repository/repository_test.go
@@ -86,7 +86,17 @@ var ( Destinations: []appsv1.ApplicationDestination{{Server: "*", Namespace: "*"}}, }, } - + fakeRepo = appsv1.Repository{ + Repo: "https://test", + Type: "test", + Name: "test", + Username: "argo", + Insecure: false, + EnableLFS: false, + EnableOCI: false, + Proxy: "test", + Project: "argocd", + } guestbookApp = &appsv1.Application{ TypeMeta: metav1.TypeMeta{ Kind: "Application",
@@ -278,6 +288,7 @@ func TestRepositoryServer(t *testing.T) { assert.Nil(t, err) assert.Equal(t, repo.Repo, "test") }) + t.Run("Test_ListRepositories", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil)
@@ -288,7 +299,7 @@ func TestRepositoryServer(t *testing.T) { db := &dbmocks.ArgoDB{} db.On("GetRepository", context.TODO(), url).Return(nil, nil) db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) - db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&l, &l}, nil) + db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&fakeRepo, &fakeRepo}, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, settingsMgr) resp, err := s.ListRepositories(context.TODO(), &repository.RepoQuery{})
From 2ce948fe82fc95ec3b47e0643813a3aa19b0e578 Mon Sep 17 00:00:00 2001
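Review bot: The ListRepositories mock in repository_test.go returns `[]*appsv1.Repository{&fakeRepo, &fakeRepo}`, the same pointer twice to a package-level variable, so any in-place change the handler makes to a list item (not visible here) would hit both entries and carry over into other tests that use `fakeRepo`. Build two distinct values inside the subtest, for example by copying `fakeRepo` into locals and changing `Repo` on one, which also lets the assertions tell the items apart. The `var (` block and TestRepositoryServer both extend beyond these hunks.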
From: Chromo-residuum-opec Date: Sun, 23 Oct 2022 00:10:34 +0000 Subject: [PATCH 006/304] docs: fix 'bellow' typos (#11038) Signed-off-by: backfire-monism-net Signed-off-by: backfire-monism-net Signed-off-by: emirot --- docs/operator-manual/metrics.md | 4 ++-- docs/proposals/proxy-extensions.md | 2 +- docs/user-guide/diffing.md | 4 ++-- docs/user-guide/sync-options.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index a4a7f5eb918c6..6f24ffba3d3a9 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -9,7 +9,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin |--------|:----:|-------------| | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in ArgoCD. | | `argocd_app_k8s_request_total` | counter | Number of kubernetes requests executed during application reconciliation | -| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section bellow about how to enable it. | +| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | | `argocd_app_reconcile` | histogram | Application reconciliation performance. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | 
@@ -41,7 +41,7 @@ Some examples are: As the Application labels are specific to each company, this feature is disabled by default. To enable it, add the `--metrics-application-labels` flag to the ArgoCD application controller. -The example bellow will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus: +The example below will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus: containers: - command: diff --git a/docs/proposals/proxy-extensions.md b/docs/proposals/proxy-extensions.md index cde27bc29a877..0ba5b48885b44 100644 --- a/docs/proposals/proxy-extensions.md +++ b/docs/proposals/proxy-extensions.md @@ -166,7 +166,7 @@ the following API base path: `/api/v1/extensions/` -With the configuration bellow, the expected behavior is explained in the +With the configuration below, the expected behavior is explained in the following examples: ```yaml diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 458459a769a87..ed8bf4d054909 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -81,7 +81,7 @@ data: - '.webhooks[]?.clientConfig.caBundle' ``` -Resource customization can also be configured to ignore all differences made by a managedField.manager at the system level. The example bellow shows how to configure Argo CD to ignore changes made by `kube-controller-manager` in `Deployment` resources. +Resource customization can also be configured to ignore all differences made by a managedField.manager at the system level. The example below shows how to configure Argo CD to ignore changes made by `kube-controller-manager` in `Deployment` resources. ```yaml data: 
@@ -90,7 +90,7 @@ data: - kube-controller-manager ``` -It is possible to configure ignoreDifferences to be applied to all resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example bellow: +It is possible to configure ignoreDifferences to be applied to all resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example below: ```yaml data: diff --git a/docs/user-guide/sync-options.md b/docs/user-guide/sync-options.md index 41512bf464898..387ce85341ab3 100644 --- a/docs/user-guide/sync-options.md +++ b/docs/user-guide/sync-options.md 
@@ -236,7 +236,7 @@ spec: ## Respect ignore difference configs -This sync option is used to enable Argo CD to consider the configurations made in the `spec.ignoreDifferences` attribute also during the sync stage. By default, Argo CD uses the `ignoreDifferences` config just for computing the diff between the live and desired state which defines if the application is synced or not. However during the sync stage, the desired state is applied as-is. The patch is calculated using a 3-way-merge between the live state the desired state and the `last-applied-configuration` annotation. This sometimes leads to an undesired results. This behavior can be changed by setting the `RespectIgnoreDifferences=true` sync option like in the example bellow: +This sync option is used to enable Argo CD to consider the configurations made in the `spec.ignoreDifferences` attribute also during the sync stage. By default, Argo CD uses the `ignoreDifferences` config just for computing the diff between the live and desired state which defines if the application is synced or not. However during the sync stage, the desired state is applied as-is. The patch is calculated using a 3-way-merge between the live state the desired state and the `last-applied-configuration` annotation. This sometimes leads to an undesired results. This behavior can be changed by setting the `RespectIgnoreDifferences=true` sync option like in the example below: ```yaml apiVersion: argoproj.io/v1alpha1 From 06baf6d27a92876d0e4a97034aebd74d7b33b52a Mon Sep 17 00:00:00 2001 From: Trishna Kalita <54037204+trishnakalita660@users.noreply.github.com> Date: Thu, 27 Oct 2022 19:37:03 +0530 Subject: [PATCH 007/304] chore: migrate import statements from es5 to es6 (#11042) * Migrating import syntax from es5 to es6 Signed-off-by: trishnakalita660 * Migrating import syntax from es5 to es6 Signed-off-by: trishnakalita660 * Run build, test and lint UI code Signed-off-by: Trishna Kalita trishnakalita660@gmail.com 
Signed-off-by: trishnakalita660 * Removed package-lock.json Signed-off-by: trishnakalita660 Signed-off-by: trishnakalita660 Signed-off-by: emirot --- .../application-conditions/application-conditions.tsx | 2 +- .../application-create-panel/application-create-panel.tsx | 3 +-- .../application-deployment-history.tsx | 3 +-- .../components/application-details/application-details.tsx | 2 +- .../application-node-info/application-node-info.tsx | 2 +- .../application-operation-state.tsx | 2 +- .../application-resource-tree/application-resource-tree.tsx | 3 +-- .../application-resources-diff/application-resources-diff.tsx | 2 +- .../application-resources-diff/individual-diff-section.tsx | 2 +- .../application-retry-options/application-retry-options.tsx | 2 +- .../application-retry-view/application-retry-view.tsx | 2 +- .../application-status-panel/application-status-panel.tsx | 2 +- .../components/application-summary/application-summary.tsx | 2 +- .../application-summary/edit-notification-subscriptions.tsx | 2 +- .../application-sync-options/application-sync-options.tsx | 2 +- .../application-sync-panel/application-sync-panel.tsx | 2 +- .../components/applications-list/applications-labels.tsx | 2 +- .../components/applications-list/applications-list.tsx | 4 ++-- .../components/applications-list/applications-source.tsx | 2 +- .../components/applications-list/applications-status-bar.tsx | 2 +- .../components/applications-list/applications-table.tsx | 2 +- .../components/applications-list/applications-tiles.tsx | 2 +- .../components/user-info-overview/user-info-overview.tsx | 2 +- 23 files changed, 24 insertions(+), 27 deletions(-) diff --git a/ui/src/app/applications/components/application-conditions/application-conditions.tsx b/ui/src/app/applications/components/application-conditions/application-conditions.tsx index d131e90701d3e..5c174caaa1425 100644 --- a/ui/src/app/applications/components/application-conditions/application-conditions.tsx 
+++ b/ui/src/app/applications/components/application-conditions/application-conditions.tsx @@ -4,7 +4,7 @@ import {Timestamp} from '../../../shared/components'; import * as models from '../../../shared/models'; import {getConditionCategory} from '../utils'; -require('./application-conditions.scss'); +import './application-conditions.scss'; export const ApplicationConditions = ({conditions}: {conditions: models.ApplicationCondition[]}) => { return ( diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx index 9f4a8e19eff31..f19761061aaa6 100644 --- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx +++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx @@ -10,11 +10,10 @@ import {ApplicationRetryOptions} from '../application-retry-options/application- import {ApplicationSyncOptionsField} from '../application-sync-options/application-sync-options'; import {RevisionFormField} from '../revision-form-field/revision-form-field'; import {SetFinalizerOnApplication} from './set-finalizer-on-application'; +import './application-create-panel.scss'; const jsonMergePatch = require('json-merge-patch'); -require('./application-create-panel.scss'); - const appTypes = new Array<{field: string; type: models.AppSourceType}>( {type: 'Helm', field: 'helm'}, {type: 'Kustomize', field: 'kustomize'}, diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx index e4eca6c36700b..73542ca5bfa13 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx 
@@ -6,8 +6,7 @@ import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; import {ApplicationParameters} from '../application-parameters/application-parameters'; import {RevisionMetadataRows} from './revision-metadata-rows'; - -require('./application-deployment-history.scss'); +import './application-deployment-history.scss'; export const ApplicationDeploymentHistory = ({ app, diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index 874b52d400540..930faff48e653 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -29,7 +29,7 @@ import {ResourceStatus} from '../../../shared/models'; import {ApplicationsDetailsAppDropdown} from './application-details-app-dropdown'; import {useSidebarTarget} from '../../../sidebar/sidebar'; -require('./application-details.scss'); +import './application-details.scss'; interface ApplicationDetailsState { page: number; diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index 5c9e8e28da775..2a3e3fe0ae25c 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx 
@@ -10,7 +10,7 @@ import {ResourceTreeNode} from '../application-resource-tree/application-resourc import {ApplicationResourcesDiff} from '../application-resources-diff/application-resources-diff'; import {ComparisonStatusIcon, formatCreationTimestamp, getPodStateReason, HealthStatusIcon} from '../utils'; -require('./application-node-info.scss'); +import './application-node-info.scss'; export const ApplicationNodeInfo = (props: { application: models.Application; diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx index 9235945afa3d6..b30600368f404 100644 --- a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx +++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx @@ -9,7 +9,7 @@ import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; import * as utils from '../utils'; -require('./application-operation-state.scss'); +import './application-operation-state.scss'; interface Props { application: models.Application; diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index c6b250356bb56..07af871a44455 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -27,6 +27,7 @@ import { import {NodeUpdateAnimation} from './node-update-animation'; import {PodGroup} from '../application-pod-view/pod-view'; import {ArrowConnector} from './arrow-connector'; +import './application-resource-tree.scss'; function treeNodeKey(node: NodeId & {uid?: string}) { return node.uid || nodeKey(node); 
@@ -34,8 +35,6 @@ function treeNodeKey(node: NodeId & {uid?: string}) { const color = require('color'); -require('./application-resource-tree.scss'); - export interface ResourceTreeNode extends models.ResourceNode { status?: models.SyncStatusCode; health?: models.HealthStatus; diff --git a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx index 3eeb6975f4d66..18eb941981a37 100644 --- a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx +++ b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx @@ -8,7 +8,7 @@ import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; import {IndividualDiffSection} from './individual-diff-section'; -require('./application-resources-diff.scss'); +import './application-resources-diff.scss'; export interface ApplicationResourcesDiffProps { states: models.ResourceDiff[]; diff --git a/ui/src/app/applications/components/application-resources-diff/individual-diff-section.tsx b/ui/src/app/applications/components/application-resources-diff/individual-diff-section.tsx index 1a3a876890045..7d82659cbfdc7 100644 --- a/ui/src/app/applications/components/application-resources-diff/individual-diff-section.tsx +++ b/ui/src/app/applications/components/application-resources-diff/individual-diff-section.tsx @@ -3,7 +3,7 @@ import {useState} from 'react'; import {Diff, Hunk} from 'react-diff-view'; import 'react-diff-view/style/index.css'; -require('./application-resources-diff.scss'); +import './application-resources-diff.scss'; export interface IndividualDiffSectionProps { file: any; 
diff --git a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx index 165c57e0714a7..48b72de19551e 100644 --- a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx +++ b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx @@ -5,7 +5,7 @@ import {omit} from 'lodash-es'; import {NumberField} from '../../../shared/components'; import * as models from '../../../shared/models'; -require('./application-retry-options.scss'); +import './application-retry-options.scss'; const durationRegex = /^([\d\.]+[HMS])+$/i; const durationRegexError = 'Should be 1h10m10s/10h10m/10m/10s'; diff --git a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx index 6fcd11e313522..a97d9d5b98609 100644 --- a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx +++ b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx @@ -1,7 +1,7 @@ import * as React from 'react'; import * as models from '../../../shared/models'; -require('./application-retry-view.scss'); +import './application-retry-view.scss'; function buildRetryOptionView(label: string, data: string | number) { const result = data || 'not installed'; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index d2d5646b0c751..c9f1af6a7869b 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx 
@@ -8,7 +8,7 @@ import {services} from '../../../shared/services'; import {ApplicationSyncWindowStatusIcon, ComparisonStatusIcon, getAppOperationState, getConditionCategory, HealthStatusIcon, OperationState, syncStatusMessage} from '../utils'; import {RevisionMetadataPanel} from './revision-metadata-panel'; -require('./application-status-panel.scss'); +import './application-status-panel.scss'; interface Props { application: models.Application; diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 1276ab1459344..24f0bd9c30779 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -28,7 +28,7 @@ import {Link} from 'react-router-dom'; import {EditNotificationSubscriptions, useEditNotificationSubscriptions} from './edit-notification-subscriptions'; import {EditAnnotations} from './edit-annotations'; -require('./application-summary.scss'); +import './application-summary.scss'; function swap(array: any[], a: number, b: number) { array = array.slice(); diff --git a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx index 9de9c2aed2cd2..1d774cd9cd4df 100644 --- a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx +++ b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx @@ -6,7 +6,7 @@ import {services} from '../../../shared/services'; import {ApplicationSummaryProps} from './application-summary'; -require('./edit-notification-subscriptions.scss'); +import './edit-notification-subscriptions.scss'; export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_PREFIX = 'notifications.argoproj.io/subscribe'; 
diff --git a/ui/src/app/applications/components/application-sync-options/application-sync-options.tsx b/ui/src/app/applications/components/application-sync-options/application-sync-options.tsx index fe4a0ae08c3ad..538d74455fea0 100644 --- a/ui/src/app/applications/components/application-sync-options/application-sync-options.tsx +++ b/ui/src/app/applications/components/application-sync-options/application-sync-options.tsx @@ -3,7 +3,7 @@ import * as classNames from 'classnames'; import * as React from 'react'; import * as ReactForm from 'react-form'; -require('./application-sync-options.scss'); +import './application-sync-options.scss'; export const REPLACE_WARNING = `The resources will be synced using 'kubectl replace/create' command that is a potentially destructive action and might cause resources recreation.`; export const FORCE_WARNING = `The resources will be synced using '--force' that is a potentially destructive action and will immediately remove resources from the API and bypasses graceful deletion. Immediate deletion of some resources may result in inconsistency or data loss.`; diff --git a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx index 49b490b74d510..cdbf6d3030084 100644 --- a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx +++ b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx 
@@ -10,7 +10,7 @@ import {ApplicationRetryOptions} from '../application-retry-options/application- import {ApplicationManualSyncFlags, ApplicationSyncOptions, FORCE_WARNING, SyncFlags, REPLACE_WARNING} from '../application-sync-options/application-sync-options'; import {ComparisonStatusIcon, nodeKey} from '../utils'; -require('./application-sync-panel.scss'); +import './application-sync-panel.scss'; export const ApplicationSyncPanel = ({application, selectedResource, hide}: {application: models.Application; selectedResource: string; hide: () => any}) => { const [form, setForm] = React.useState(null); diff --git a/ui/src/app/applications/components/applications-list/applications-labels.tsx b/ui/src/app/applications/components/applications-list/applications-labels.tsx index 80b7a9989dd12..523994f08a097 100644 --- a/ui/src/app/applications/components/applications-list/applications-labels.tsx +++ b/ui/src/app/applications/components/applications-list/applications-labels.tsx @@ -2,7 +2,7 @@ import * as React from 'react'; import {Tooltip} from 'argo-ui'; import {Application} from '../../../shared/models'; -require('./applications-labels.scss'); +import './applications-labels.scss'; export const ApplicationsLabels = ({app}: {app: Application}) => { const labels = ( diff --git a/ui/src/app/applications/components/applications-list/applications-list.tsx b/ui/src/app/applications/components/applications-list/applications-list.tsx index b818efc571d24..bcb1436d4eb5e 100644 --- a/ui/src/app/applications/components/applications-list/applications-list.tsx +++ b/ui/src/app/applications/components/applications-list/applications-list.tsx 
@@ -22,8 +22,8 @@ import {ApplicationTiles} from './applications-tiles'; import {ApplicationsRefreshPanel} from '../applications-refresh-panel/applications-refresh-panel'; import {useSidebarTarget} from '../../../sidebar/sidebar'; -require('./applications-list.scss'); -require('./flex-top-bar.scss'); +import './applications-list.scss'; +import './flex-top-bar.scss'; const EVENTS_BUFFER_TIMEOUT = 500; const WATCH_RETRY_TIMEOUT = 500; diff --git a/ui/src/app/applications/components/applications-list/applications-source.tsx b/ui/src/app/applications/components/applications-list/applications-source.tsx index a7bba5a66f48a..0a5fbe51f37c0 100644 --- a/ui/src/app/applications/components/applications-list/applications-source.tsx +++ b/ui/src/app/applications/components/applications-list/applications-source.tsx @@ -2,7 +2,7 @@ import {Tooltip} from 'argo-ui'; import * as React from 'react'; import {ApplicationSource as ApplicationSourceType} from '../../../shared/models'; -require('./applications-source.scss'); +import './applications-source.scss'; export const ApplicationsSource = ({source}: {source: ApplicationSourceType}) => { const sourceString = `${source.repoURL}/${source.path || source.chart}`; diff --git a/ui/src/app/applications/components/applications-list/applications-status-bar.tsx b/ui/src/app/applications/components/applications-list/applications-status-bar.tsx index 9d61598752084..c20b5612d121f 100644 --- a/ui/src/app/applications/components/applications-list/applications-status-bar.tsx +++ b/ui/src/app/applications/components/applications-list/applications-status-bar.tsx @@ -4,7 +4,7 @@ import {COLORS} from '../../../shared/components'; import {Consumer} from '../../../shared/context'; import * as models from '../../../shared/models'; -require('./applications-status-bar.scss'); +import './applications-status-bar.scss'; export interface ApplicationsStatusBarProps { applications: models.Application[]; 
diff --git a/ui/src/app/applications/components/applications-list/applications-table.tsx b/ui/src/app/applications/components/applications-list/applications-table.tsx index 22ecdc6796647..77135d5f6af3a 100644 --- a/ui/src/app/applications/components/applications-list/applications-table.tsx +++ b/ui/src/app/applications/components/applications-list/applications-table.tsx @@ -10,7 +10,7 @@ import {OperationState} from '../utils'; import {ApplicationsLabels} from './applications-labels'; import {ApplicationsSource} from './applications-source'; import {services} from '../../../shared/services'; -require('./applications-table.scss'); +import './applications-table.scss'; export const ApplicationsTable = (props: { applications: models.Application[]; diff --git a/ui/src/app/applications/components/applications-list/applications-tiles.tsx b/ui/src/app/applications/components/applications-list/applications-tiles.tsx index 7ec5e8fbdf1cb..de212ebd20d3f 100644 --- a/ui/src/app/applications/components/applications-list/applications-tiles.tsx +++ b/ui/src/app/applications/components/applications-list/applications-tiles.tsx @@ -10,7 +10,7 @@ import * as AppUtils from '../utils'; import {OperationState} from '../utils'; import {services} from '../../../shared/services'; -require('./applications-tiles.scss'); +import './applications-tiles.scss'; export interface ApplicationTilesProps { applications: models.Application[]; diff --git a/ui/src/app/user-info/components/user-info-overview/user-info-overview.tsx b/ui/src/app/user-info/components/user-info-overview/user-info-overview.tsx index 708ffd12c91b2..148407f4f7b7b 100644 --- a/ui/src/app/user-info/components/user-info-overview/user-info-overview.tsx +++ b/ui/src/app/user-info/components/user-info-overview/user-info-overview.tsx 
@@ -8,7 +8,7 @@ import {DataLoader, ErrorNotification, Page, Spinner} from '../../../shared/comp import {AppContext} from '../../../shared/context'; import {services} from '../../../shared/services'; -require('./user-info-overview.scss'); +import './user-info-overview.scss'; export class UserInfoOverview extends React.Component, {connecting: boolean}> { public static contextTypes = { From b315ba1f1f59a6b52c5f0d74c16d45862b7ab8dc Mon Sep 17 00:00:00 2001 From: Abhishek Veeramalla Date: Sat, 29 Oct 2022 20:16:59 +0530 Subject: [PATCH 008/304] chore: fix misleading error message in the e2e tests (#11085) * chore: fix misleading error message in the e2e tests Signed-off-by: iam-veeramalla * re-run tests Signed-off-by: iam-veeramalla * re-run tests Signed-off-by: iam-veeramalla Signed-off-by: iam-veeramalla Signed-off-by: emirot --- test/e2e/cluster_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e/cluster_test.go b/test/e2e/cluster_test.go index b29e069a648ab..96e3369e194f8 100644 --- a/test/e2e/cluster_test.go +++ b/test/e2e/cluster_test.go @@ -277,7 +277,7 @@ func TestClusterDelete(t *testing.T) { _, err = fixture.Run("", "kubectl", "get", "clusterrolebinding", "argocd-manager-role-binding") if err != nil { - t.Errorf("Expected no error from not finding clusterrole argocd-manager-role but got:\n%s", err.Error()) + t.Errorf("Expected no error from not finding clusterrolebinding argocd-manager-role-binding but got:\n%s", err.Error()) } clstAction.DeleteByName(). @@ -299,6 +299,6 @@ func TestClusterDelete(t *testing.T) { output, err = fixture.Run("", "kubectl", "get", "clusterrolebinding", "argocd-manager-role-binding") if err == nil { - t.Errorf("Expected error from not finding clusterrole argocd-manager-role but got:\n%s", output) + t.Errorf("Expected error from not finding clusterrolebinding argocd-manager-role-binding but got:\n%s", output) } } From aa7975e19561089de1ca684ac0ee68b7f57768de Mon Sep 17 00:00:00 2001 
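Review bot: The reworded message in the first `t.Errorf` of `test/e2e/cluster_test.go` still says "not finding", but that check runs before `clstAction.DeleteByName()` and fires when `kubectl get` fails, i.e. when the binding is unexpectedly missing. The text should state the expectation that the binding exists at this point, for example `t.Errorf("Expected no error from finding clusterrolebinding argocd-manager-role-binding but got:\n%s", err.Error())`. TestClusterDelete begins outside this hunk.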
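Review bot: The final check `if err == nil` accepts any failure of `kubectl get` as evidence that the clusterrolebinding was removed, so an unreachable API server or a denied request would pass the test while the `argocd-manager-role-binding` RBAC grant is still in place. Because this assertion is what guards against a leftover binding after cluster deletion, it should require a not-found result specifically. Assuming `fixture.Run` surfaces kubectl's stderr in the returned error (not visible in this hunk), `if err == nil || !strings.Contains(err.Error(), "NotFound") {` would do it, with `strings` imported if the file does not already import it. The start of TestClusterDelete is outside the hunk.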
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 29 Oct 2022 10:50:53 -0400 Subject: [PATCH 009/304] [Bot] Update Snyk reports (#11039) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI 
Signed-off-by: emirot --- docs/snyk/index.md | 8 +- docs/snyk/master/argocd-iac-install.html | 18 +- .../master/argocd-iac-namespace-install.html | 18 +- docs/snyk/master/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 249 +----------------- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.2.15/argocd-iac-install.html | 2 +- .../v2.2.15/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.2.15/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.2.15.html | 11 +- docs/snyk/v2.2.15/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.3.10/argocd-iac-install.html | 2 +- .../v2.3.10/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.10/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 5 +- .../quay.io_argoproj_argocd_v2.3.10.html | 193 +++++++++++++- docs/snyk/v2.3.10/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.4.15/argocd-iac-install.html | 2 +- .../v2.4.15/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.4.15/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.15.html | 193 +++++++++++++- docs/snyk/v2.4.15/redis_7.0.4-alpine.html | 2 +- docs/snyk/v2.5.0-rc3/argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.0-rc3/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.0-rc3.html | 193 +++++++++++++- docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html | 2 +- 37 files changed, 630 insertions(+), 314 deletions(-) 
diff --git a/docs/snyk/index.md b/docs/snyk/index.md index b711830985b78..0a58ffd4151d5 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -17,7 +17,7 @@ recent minor releases. | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 1 | 1 | 13 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 13 | | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | @@ -30,7 +30,7 @@ recent minor releases. | [ui/yarn.lock](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](v2.5.0-rc3/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 2 | 13 | +| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 4 | 13 | | [redis:7.0.5-alpine](v2.5.0-rc3/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.5.0-rc3/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.5.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - | 
@@ -43,7 +43,7 @@ recent minor releases. | [ui/yarn.lock](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.4.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 1 | 13 | +| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 3 | 13 | | [redis:7.0.4-alpine](v2.4.15/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.4.15/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.4.15/argocd-iac-namespace-install.html) | - | - | - | - | @@ -57,7 +57,7 @@ recent minor releases. | [dex:v2.35.3-distroless](v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.3.10/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | | [argocd-applicationset:v0.4.1](v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 | -| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 1 | 13 | +| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 3 | 13 | | [redis:6.2.7-alpine](v2.3.10/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.3.10/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.3.10/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 96b5782a55958..8993519bb997a 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

October 18th 2022, 10:31:46 pm

+

October 23rd 2022, 12:44:06 am

Scanned the following path: @@ -783,7 +783,7 @@

Container could be running with outdated image

  • - Line number: 10480 + Line number: 10481
  • @@ -1131,7 +1131,7 @@

    Container has no CPU limit

  • - Line number: 10480 + Line number: 10481
  • @@ -1247,7 +1247,7 @@

    Container has no CPU limit

  • - Line number: 10565 + Line number: 10566
  • @@ -1305,7 +1305,7 @@

    Container has no CPU limit

  • - Line number: 10862 + Line number: 10864
  • @@ -1673,7 +1673,7 @@

    Container is running without liveness probe

  • - Line number: 10480 + Line number: 10481
  • @@ -2021,7 +2021,7 @@

    Container is running without memory limit

  • - Line number: 10480 + Line number: 10481
  • @@ -2137,7 +2137,7 @@

    Container is running without memory limit

  • - Line number: 10565 + Line number: 10566
  • @@ -2195,7 +2195,7 @@

    Container is running without memory limit

  • - Line number: 10862 + Line number: 10864
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 499a120e2e75d..b40cdd7a4d9b9 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:31:56 pm

    +

    October 23rd 2022, 12:44:18 am

    Scanned the following path: @@ -783,7 +783,7 @@

    Container could be running with outdated image

  • - Line number: 1146 + Line number: 1147
  • @@ -1131,7 +1131,7 @@

    Container has no CPU limit

  • - Line number: 1146 + Line number: 1147
  • @@ -1247,7 +1247,7 @@

    Container has no CPU limit

  • - Line number: 1231 + Line number: 1232
  • @@ -1305,7 +1305,7 @@

    Container has no CPU limit

  • - Line number: 1528 + Line number: 1530
  • @@ -1673,7 +1673,7 @@

    Container is running without liveness probe

  • - Line number: 1146 + Line number: 1147
  • @@ -2021,7 +2021,7 @@

    Container is running without memory limit

  • - Line number: 1146 + Line number: 1147
  • @@ -2137,7 +2137,7 @@

    Container is running without memory limit

  • - Line number: 1231 + Line number: 1232
  • @@ -2195,7 +2195,7 @@

    Container is running without memory limit

  • - Line number: 1528 + Line number: 1530
  • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index c179cb3101d84..4080861775ec2 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:29:50 pm

    +

    October 23rd 2022, 12:42:07 am

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 6bf352d40733e..19966331c6934 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:30:01 pm

    +

    October 23rd 2022, 12:42:18 am

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index 3bb9d2cd57f6e..8a7089252cd90 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:30:09 pm

    +

    October 23rd 2022, 12:42:23 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 1554076209e09..3c89d8826d37d 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:30:39 pm

    +

    October 23rd 2022, 12:42:50 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    92 vulnerable dependency paths
    +
    13 known vulnerabilities
    +
    83 vulnerable dependency paths
    162 dependencies
    @@ -485,231 +485,6 @@

    Snyk test report

    -
    -

    CVE-2022-3515

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libksba/libksba8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and libksba/libksba8@1.6.0-2build1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libksba.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Verification of Cryptographic Signature

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream perl package.

    -

    CPAN 2.28 allows Signature Verification Bypass.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 perl.

    -

    References

    - - -
    - - - -

    Time-of-check Time-of-use (TOCTOU)

    @@ -1120,7 +895,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 @@ -1746,7 +1521,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 @@ -1759,7 +1534,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 @@ -2297,7 +2072,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.5 and others
  • @@ -2311,9 +2086,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - git/git-man@1:2.34.1-1ubuntu1.4 + git/git-man@1:2.34.1-1ubuntu1.5 @@ -2322,7 +2097,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 @@ -2333,7 +2108,7 @@

    Detailed paths

    git-lfs@3.0.2-1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5
    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index 648b71c0f8e57..f8b7ca6a7719a 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:30:45 pm

    +

    October 23rd 2022, 12:42:58 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-iac-install.html b/docs/snyk/v2.2.15/argocd-iac-install.html index 1787162a03a36..954c26f6eda36 100644 --- a/docs/snyk/v2.2.15/argocd-iac-install.html +++ b/docs/snyk/v2.2.15/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:40:29 pm

    +

    October 23rd 2022, 12:53:16 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html index b36ea456d7cc7..52e40e4fa86ee 100644 --- a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:40:36 pm

    +

    October 23rd 2022, 12:53:23 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-test.html b/docs/snyk/v2.2.15/argocd-test.html index 1a01f7887f936..0a5c1bbe24414 100644 --- a/docs/snyk/v2.2.15/argocd-test.html +++ b/docs/snyk/v2.2.15/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:39:16 pm

    +

    October 23rd 2022, 12:51:59 am

    Scanned the following paths: diff --git a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 702734344d7ae..d06bf41337b64 100644 --- a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:39:20 pm

    +

    October 23rd 2022, 12:52:05 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html index 52484293e2abf..ae54932d2e96d 100644 --- a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:39:22 pm

    +

    October 23rd 2022, 12:52:07 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html index 7f73c0414f10a..e3629feb4aaae 100644 --- a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html +++ b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:40:08 pm

    +

    October 23rd 2022, 12:52:53 am

    Scanned the following path: @@ -573,7 +573,7 @@

    Detailed paths

    NVD Description

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libksba.

    +

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    References

    • ADVISORY
    • @@ -722,10 +722,11 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream perl package.

      +

      Note: Versions mentioned in the description apply to the upstream perl package. + See How to fix? for Ubuntu:22.04 relevant versions.

      CPAN 2.28 allows Signature Verification Bypass.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

      References


      diff --git a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html b/docs/snyk/v2.2.15/redis_6.2.7-alpine.html index e8da585a80b88..bcca6e602cbb2 100644 --- a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.2.15/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:40:11 pm

      +

      October 23rd 2022, 12:52:56 am

      Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-iac-install.html b/docs/snyk/v2.3.10/argocd-iac-install.html index 1f180b57f7a5a..10d16ff6d8fea 100644 --- a/docs/snyk/v2.3.10/argocd-iac-install.html +++ b/docs/snyk/v2.3.10/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:38:18 pm

      +

      October 23rd 2022, 12:50:54 am

      Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html b/docs/snyk/v2.3.10/argocd-iac-namespace-install.html index fba88b49ebc95..20b5ac35220b5 100644 --- a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.10/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:38:56 pm

      +

      October 23rd 2022, 12:51:36 am

      Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-test.html b/docs/snyk/v2.3.10/argocd-test.html index a27c244a3c056..fae1b6663d873 100644 --- a/docs/snyk/v2.3.10/argocd-test.html +++ b/docs/snyk/v2.3.10/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:36:22 pm

      +

      October 23rd 2022, 12:48:51 am

      Scanned the following paths: diff --git a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 11f0ee2e64a70..ca048f4429c47 100644 --- a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:36:27 pm

      +

      October 23rd 2022, 12:48:57 am

      Scanned the following path: diff --git a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html index 9f142672b1f11..696960a669055 100644 --- a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:36:30 pm

      +

      October 23rd 2022, 12:49:00 am

      Scanned the following path: diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html index a0a24fd4de48d..8e1cc2f8130e6 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 18th 2022, 10:36:45 pm

      +

      October 23rd 2022, 12:49:16 am

      Scanned the following path: @@ -3207,7 +3207,7 @@

      References

      -

      Unchecked Return Value

      +

      Out-of-bounds Read

      @@ -3281,6 +3281,7 @@

      References

    • MISC
    • MISC
    • MISC
    • +
    • CONFIRM

    diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html b/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html index e194d19a7659d..e148b8af8fa69 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html +++ b/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:37:14 pm

    +

    October 23rd 2022, 12:49:47 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    92 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    98 vulnerable dependency paths
    162 dependencies
    @@ -573,7 +573,7 @@

    Detailed paths

    NVD Description

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libksba.

    +

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    References

    • ADVISORY
    • @@ -689,10 +689,11 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream perl package.

      +

      Note: Versions mentioned in the description apply to the upstream perl package. + See How to fix? for Ubuntu:22.04 relevant versions.

      CPAN 2.28 allows Signature Verification Bypass.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

      References

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Link Following

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html b/docs/snyk/v2.3.10/redis_6.2.7-alpine.html index 45d067691a15c..eaa0258acad7c 100644 --- a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.10/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:37:20 pm

    +

    October 23rd 2022, 12:49:52 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-iac-install.html b/docs/snyk/v2.4.15/argocd-iac-install.html index dea9216886381..467b1699195d6 100644 --- a/docs/snyk/v2.4.15/argocd-iac-install.html +++ b/docs/snyk/v2.4.15/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:35:56 pm

    +

    October 23rd 2022, 12:48:26 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html b/docs/snyk/v2.4.15/argocd-iac-namespace-install.html index 092242045221d..113e7f0fb92d9 100644 --- a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.15/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:36:05 pm

    +

    October 23rd 2022, 12:48:36 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-test.html b/docs/snyk/v2.4.15/argocd-test.html index 272103261fe5c..9c41f56d040ca 100644 --- a/docs/snyk/v2.4.15/argocd-test.html +++ b/docs/snyk/v2.4.15/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:34:10 pm

    +

    October 23rd 2022, 12:46:44 am

    Scanned the following paths: diff --git a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 4cee9879dcdaa..fbc6fac58df5b 100644 --- a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:34:17 pm

    +

    October 23rd 2022, 12:46:50 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html index 427cc888101ce..a7707a5bf6b40 100644 --- a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:34:24 pm

    +

    October 23rd 2022, 12:46:55 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html b/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html index 44b219b37fbfc..91ab541670b28 100644 --- a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html +++ b/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:34:48 pm

    +

    October 23rd 2022, 12:47:15 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    92 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    98 vulnerable dependency paths
    162 dependencies
    @@ -573,7 +573,7 @@

    Detailed paths

    NVD Description

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libksba.

    +

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    References

    • ADVISORY
    • @@ -689,10 +689,11 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream perl package.

      +

      Note: Versions mentioned in the description apply to the upstream perl package. + See How to fix? for Ubuntu:22.04 relevant versions.

      CPAN 2.28 allows Signature Verification Bypass.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

      References

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Link Following

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html b/docs/snyk/v2.4.15/redis_7.0.4-alpine.html index b519943b19a90..4a3e240aaa0ef 100644 --- a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.15/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:34:57 pm

    +

    October 23rd 2022, 12:47:20 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html b/docs/snyk/v2.5.0-rc3/argocd-iac-install.html index c42a686636f9d..1383f0cc895f9 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html +++ b/docs/snyk/v2.5.0-rc3/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:33:39 pm

    +

    October 23rd 2022, 12:46:14 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html index 342b30974367c..6e44b747ffec6 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:33:49 pm

    +

    October 23rd 2022, 12:46:25 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-test.html b/docs/snyk/v2.5.0-rc3/argocd-test.html index 429263c154cd5..c6f8dc4e1bcd7 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-test.html +++ b/docs/snyk/v2.5.0-rc3/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:32:10 pm

    +

    October 23rd 2022, 12:44:33 am

    Scanned the following paths: diff --git a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 26c9b057a5c29..e1d00ab3365f3 100644 --- a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:32:14 pm

    +

    October 23rd 2022, 12:44:37 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html index 3c62434c0dcdf..2b68e15bb8ac5 100644 --- a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:32:17 pm

    +

    October 23rd 2022, 12:44:42 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html b/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html index fe636eea8982e..c996a529b2b6f 100644 --- a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html +++ b/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:32:36 pm

    +

    October 23rd 2022, 12:45:02 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    16 known vulnerabilities
    -
    93 vulnerable dependency paths
    +
    18 known vulnerabilities
    +
    99 vulnerable dependency paths
    162 dependencies
    @@ -573,7 +573,7 @@

    Detailed paths

    NVD Description

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libksba.

    +

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    References

    • ADVISORY
    • @@ -772,10 +772,11 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream perl package.

      +

      Note: Versions mentioned in the description apply to the upstream perl package. + See How to fix? for Ubuntu:22.04 relevant versions.

      CPAN 2.28 allows Signature Verification Bypass.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

      References

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Link Following

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + git/git-man@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html b/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html index c42835df2052a..22634f68745f8 100644 --- a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 18th 2022, 10:32:39 pm

    +

    October 23rd 2022, 12:45:06 am

    Scanned the following path: From 790ccdf7618852d28b8b405b337beb21753bd909 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 10:21:03 -0400 Subject: [PATCH 010/304] [Bot] Update Snyk reports (#11114) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI 
Signed-off-by: emirot --- docs/snyk/index.md | 10 +- docs/snyk/master/argocd-iac-install.html | 2 +- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 98 +++++- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.2.15/argocd-iac-install.html | 2 +- .../v2.2.15/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.2.15/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.2.15.html | 320 +++++++++++++++++- docs/snyk/v2.2.15/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.3.10/argocd-iac-install.html | 2 +- .../v2.3.10/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.10/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 23 +- .../quay.io_argoproj_argocd_v2.3.10.html | 296 +++++++++++++++- docs/snyk/v2.3.10/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.4.15/argocd-iac-install.html | 2 +- .../v2.4.15/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.4.15/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.15.html | 296 +++++++++++++++- docs/snyk/v2.4.15/redis_7.0.4-alpine.html | 2 +- docs/snyk/v2.5.0-rc3/argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.0-rc3/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.0-rc3.html | 302 ++++++++++++++++- docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html | 2 +- 37 files changed, 1312 insertions(+), 93 deletions(-) 
diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 0a58ffd4151d5..b8af331a9868b 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -17,7 +17,7 @@ recent minor releases.
 | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 |
 | [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 13 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 13 |
 | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -30,7 +30,7 @@ recent minor releases.
 | [ui/yarn.lock](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 3 | 0 |
 | [dex:v2.35.3-distroless](v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.6.2-alpine](v2.5.0-rc3/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 4 | 13 |
+| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 8 | 13 |
 | [redis:7.0.5-alpine](v2.5.0-rc3/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.5.0-rc3/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.5.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -43,7 +43,7 @@ recent minor releases.
 | [ui/yarn.lock](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 |
 | [dex:v2.35.3-distroless](v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.0.29-alpine](v2.4.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 3 | 13 |
+| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 7 | 13 |
 | [redis:7.0.4-alpine](v2.4.15/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.4.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.4.15/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -57,7 +57,7 @@ recent minor releases.
 | [dex:v2.35.3-distroless](v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.0.29-alpine](v2.3.10/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
 | [argocd-applicationset:v0.4.1](v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 |
-| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 3 | 13 |
+| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 7 | 13 |
 | [redis:6.2.7-alpine](v2.3.10/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.3.10/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.3.10/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -70,7 +70,7 @@ recent minor releases.
 | [ui/yarn.lock](v2.2.15/argocd-test.html) | 0 | 1 | 5 | 0 |
 | [dex:v2.35.3-distroless](v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.0.29-alpine](v2.2.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.2.15](v2.2.15/quay.io_argoproj_argocd_v2.2.15.html) | 0 | 1 | 3 | 23 |
+| [argocd:v2.2.15](v2.2.15/quay.io_argoproj_argocd_v2.2.15.html) | 0 | 1 | 7 | 23 |
 | [redis:6.2.7-alpine](v2.2.15/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v2.2.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.2.15/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index 8993519bb997a..386e75e842964 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:44:06 am

    +

    October 30th 2022, 12:21:01 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index b40cdd7a4d9b9..8f20d3c65098d 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:44:18 am

    +

    October 30th 2022, 12:21:12 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 4080861775ec2..bc885d3696896 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:42:07 am

    +

    October 30th 2022, 12:19:12 am

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 19966331c6934..0e542ba18702f 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:42:18 am

    +

    October 30th 2022, 12:19:27 am

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index 8a7089252cd90..ac34b0a807ee4 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:42:23 am

    +

    October 30th 2022, 12:19:33 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 3c89d8826d37d..0b388b871837f 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:42:50 am

    +

    October 30th 2022, 12:19:54 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    83 vulnerable dependency paths
    +
    14 known vulnerabilities
    +
    84 vulnerable dependency paths
    162 dependencies
    @@ -485,6 +485,78 @@

    Snyk test report

    +
    +

    Improper Validation of Array Index

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + + +

    Time-of-check Time-of-use (TOCTOU)

    @@ -571,11 +643,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 shadow.

    References


    @@ -651,12 +723,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References


    @@ -787,13 +859,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References


    @@ -897,7 +969,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 libssh/libssh-4@0.9.6-2build1 @@ -965,6 +1037,7 @@

    References

  • ADVISORY
  • CONFIRM
  • CONFIRM
  • +
  • CONFIRM

  • @@ -1372,6 +1445,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -1523,7 +1597,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 krb5/libgssapi-krb5-2@1.19.2-2 @@ -1536,7 +1610,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 libssh/libssh-4@0.9.6-2build1 @@ -2126,9 +2200,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References


    @@ -2193,11 +2267,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References


    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index f8b7ca6a7719a..b841339c1dc2d 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:42:58 am

    +

    October 30th 2022, 12:19:59 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-iac-install.html b/docs/snyk/v2.2.15/argocd-iac-install.html index 954c26f6eda36..a0edf272b5831 100644 --- a/docs/snyk/v2.2.15/argocd-iac-install.html +++ b/docs/snyk/v2.2.15/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:53:16 am

    +

    October 30th 2022, 12:29:41 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html index 52e40e4fa86ee..5b87513e90510 100644 --- a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:53:23 am

    +

    October 30th 2022, 12:29:48 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-test.html b/docs/snyk/v2.2.15/argocd-test.html index 0a5c1bbe24414..d84197a2ddc0b 100644 --- a/docs/snyk/v2.2.15/argocd-test.html +++ b/docs/snyk/v2.2.15/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:51:59 am

    +

    October 30th 2022, 12:28:26 am

    Scanned the following paths: diff --git a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html index d06bf41337b64..6abcdafd65e97 100644 --- a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:52:05 am

    +

    October 30th 2022, 12:28:32 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html index ae54932d2e96d..2108264cc7bfb 100644 --- a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:52:07 am

    +

    October 30th 2022, 12:28:35 am

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html index e3629feb4aaae..5031a890611f9 100644 --- a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html +++ b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:52:53 am

    +

    October 30th 2022, 12:29:20 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    27 known vulnerabilities
    -
    208 vulnerable dependency paths
    +
    31 known vulnerabilities
    +
    213 vulnerable dependency paths
    253 dependencies
    @@ -585,6 +585,93 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Validation of Array Index

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.2.15, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.2.15 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.2.15 + + python3-defaults/libpython3-dev@3.10.6-1~22.04 + + python3.10/libpython3.10-dev@3.10.6-1~22.04 + + python3.10/libpython3.10-stdlib@3.10.6-1~22.04 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + +

    Improper Verification of Cryptographic Signature

    @@ -894,6 +981,207 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-42916

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.2.15 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-42915

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.2.15 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-32221

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.2.15 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + +

    Out-of-bounds Write

    @@ -1298,10 +1586,10 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 tiff.

    References


    @@ -1397,11 +1685,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 shadow.

    References


    @@ -1723,6 +2011,10 @@

    References

  • FEDORA
  • FEDORA
  • FEDORA
  • +
  • FEDORA
  • +
  • FEDORA
  • +
  • FEDORA
  • +
  • FEDORA

  • @@ -1798,12 +2090,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References


    @@ -1960,13 +2252,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References


    @@ -2049,6 +2341,7 @@

    References

  • ADVISORY
  • CONFIRM
  • CONFIRM
  • +
  • CONFIRM

  • @@ -2355,6 +2648,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -2697,11 +2991,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 jbigkit.

    References


    @@ -3329,9 +3623,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References


    @@ -3409,11 +3703,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References


    @@ -3919,11 +4213,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 binutils.

    References


    @@ -4429,9 +4723,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 binutils.

    References


    diff --git a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html b/docs/snyk/v2.2.15/redis_6.2.7-alpine.html index bcca6e602cbb2..e2c4c7b47e9bd 100644 --- a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.2.15/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:52:56 am

    +

    October 30th 2022, 12:29:23 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-iac-install.html b/docs/snyk/v2.3.10/argocd-iac-install.html index 10d16ff6d8fea..65c9b917ebdd4 100644 --- a/docs/snyk/v2.3.10/argocd-iac-install.html +++ b/docs/snyk/v2.3.10/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:50:54 am

    +

    October 30th 2022, 12:27:23 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html b/docs/snyk/v2.3.10/argocd-iac-namespace-install.html index 20b5ac35220b5..3156dbd1385e1 100644 --- a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.10/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:51:36 am

    +

    October 30th 2022, 12:28:00 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-test.html b/docs/snyk/v2.3.10/argocd-test.html index fae1b6663d873..51460380dcd5b 100644 --- a/docs/snyk/v2.3.10/argocd-test.html +++ b/docs/snyk/v2.3.10/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:48:51 am

    +

    October 30th 2022, 12:25:27 am

    Scanned the following paths: diff --git a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html index ca048f4429c47..a8415413a91a1 100644 --- a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:48:57 am

    +

    October 30th 2022, 12:25:32 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html index 696960a669055..edf2b4dbe8019 100644 --- a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:49:00 am

    +

    October 30th 2022, 12:25:35 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html index 8e1cc2f8130e6..24bca8a37301f 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:49:16 am

    +

    October 30th 2022, 12:25:50 am

    Scanned the following path: @@ -4947,6 +4947,7 @@

    References

  • DEBIAN
  • MLIST
  • CONFIRM
  • +
  • CONFIRM

  • @@ -5019,6 +5020,7 @@

    References

  • FEDORA
  • DEBIAN
  • CONFIRM
  • +
  • CONFIRM

  • @@ -5092,6 +5094,7 @@

    References

  • DEBIAN
  • MLIST
  • CONFIRM
  • +
  • CONFIRM

  • @@ -5164,6 +5167,7 @@

    References

  • FEDORA
  • DEBIAN
  • CONFIRM
  • +
  • CONFIRM

  • @@ -5308,6 +5312,10 @@

    References

  • ADVISORY
  • MISC
  • N/A
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM

  • @@ -5566,11 +5574,11 @@

    Remediation

    There is no fixed version for Ubuntu:21.10 shadow.

    References


    @@ -5731,12 +5739,12 @@

    Remediation

    There is no fixed version for Ubuntu:21.10 pcre3.

    References


    @@ -5810,6 +5818,7 @@

    References

  • FEDORA
  • FEDORA
  • FEDORA
  • +
  • CONFIRM

  • @@ -5884,6 +5893,7 @@

    References

  • FEDORA
  • FEDORA
  • FEDORA
  • +
  • CONFIRM

  • @@ -5948,13 +5958,13 @@

    Remediation

    There is no fixed version for Ubuntu:21.10 patch.

    References


    @@ -6430,6 +6440,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -7445,9 +7456,9 @@

    Remediation

    There is no fixed version for Ubuntu:21.10 git.

    References


    @@ -7806,11 +7817,11 @@

    Remediation

    There is no fixed version for Ubuntu:21.10 coreutils.

    References


    diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html b/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html index e148b8af8fa69..c5967593735df 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html +++ b/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:49:47 am

    +

    October 30th 2022, 12:26:21 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    17 known vulnerabilities
    -
    98 vulnerable dependency paths
    +
    21 known vulnerabilities
    +
    102 vulnerable dependency paths
    162 dependencies
    @@ -585,6 +585,78 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Validation of Array Index

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + +

    Improper Verification of Cryptographic Signature

    @@ -791,6 +863,7 @@

    References


    @@ -880,6 +953,8 @@

    References


    @@ -888,6 +963,207 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-42916

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-42915

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-32221

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.10 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    @@ -975,11 +1251,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 shadow.

    References


    @@ -1055,12 +1331,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References


    @@ -1191,13 +1467,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References


    @@ -1369,6 +1645,7 @@

    References

  • ADVISORY
  • CONFIRM
  • CONFIRM
  • +
  • CONFIRM

  • @@ -1776,6 +2053,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -2530,9 +2808,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References


    @@ -2597,11 +2875,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References


    diff --git a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html b/docs/snyk/v2.3.10/redis_6.2.7-alpine.html index eaa0258acad7c..da39c18052fa9 100644 --- a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.10/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:49:52 am

    +

    October 30th 2022, 12:26:25 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-iac-install.html b/docs/snyk/v2.4.15/argocd-iac-install.html index 467b1699195d6..2e8f85e06abbb 100644 --- a/docs/snyk/v2.4.15/argocd-iac-install.html +++ b/docs/snyk/v2.4.15/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:48:26 am

    +

    October 30th 2022, 12:25:04 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html b/docs/snyk/v2.4.15/argocd-iac-namespace-install.html index 113e7f0fb92d9..d1be6fe914228 100644 --- a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.15/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:48:36 am

    +

    October 30th 2022, 12:25:13 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/argocd-test.html b/docs/snyk/v2.4.15/argocd-test.html index 9c41f56d040ca..a57aed508e911 100644 --- a/docs/snyk/v2.4.15/argocd-test.html +++ b/docs/snyk/v2.4.15/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:46:44 am

    +

    October 30th 2022, 12:23:29 am

    Scanned the following paths: diff --git a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html index fbc6fac58df5b..b437521d1696b 100644 --- a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:46:50 am

    +

    October 30th 2022, 12:23:36 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html index a7707a5bf6b40..b3252400d89d1 100644 --- a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:46:55 am

    +

    October 30th 2022, 12:23:42 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html b/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html index 91ab541670b28..8381f2c87b862 100644 --- a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html +++ b/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:47:15 am

    +

    October 30th 2022, 12:24:01 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    17 known vulnerabilities
    -
    98 vulnerable dependency paths
    +
    21 known vulnerabilities
    +
    102 vulnerable dependency paths
    162 dependencies
    @@ -585,6 +585,78 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Validation of Array Index

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + +

    Improper Verification of Cryptographic Signature

    @@ -791,6 +863,7 @@

    References


    @@ -880,6 +953,8 @@

    References


    @@ -888,6 +963,207 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-42916

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-42915

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-32221

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.15 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    @@ -975,11 +1251,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 shadow.

    References


    @@ -1055,12 +1331,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References


    @@ -1191,13 +1467,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References


    @@ -1369,6 +1645,7 @@

    References

  • ADVISORY
  • CONFIRM
  • CONFIRM
  • +
  • CONFIRM

  • @@ -1776,6 +2053,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -2530,9 +2808,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References


    @@ -2597,11 +2875,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References


    diff --git a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html b/docs/snyk/v2.4.15/redis_7.0.4-alpine.html index 4a3e240aaa0ef..ad1c5cd591c69 100644 --- a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.15/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:47:20 am

    +

    October 30th 2022, 12:24:06 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html b/docs/snyk/v2.5.0-rc3/argocd-iac-install.html index 1383f0cc895f9..d29cae2a9240c 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html +++ b/docs/snyk/v2.5.0-rc3/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:46:14 am

    +

    October 30th 2022, 12:22:59 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html index 6e44b747ffec6..78a3f0349a1ec 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:46:25 am

    +

    October 30th 2022, 12:23:10 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-test.html b/docs/snyk/v2.5.0-rc3/argocd-test.html index c6f8dc4e1bcd7..1a400217f9556 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-test.html +++ b/docs/snyk/v2.5.0-rc3/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:44:33 am

    +

    October 30th 2022, 12:21:25 am

    Scanned the following paths: diff --git a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html index e1d00ab3365f3..668882f2fbd72 100644 --- a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:44:37 am

    +

    October 30th 2022, 12:21:29 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html index 2b68e15bb8ac5..c190ae25c2367 100644 --- a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:44:42 am

    +

    October 30th 2022, 12:21:31 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html b/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html index c996a529b2b6f..4133c1c06558c 100644 --- a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html +++ b/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:45:02 am

    +

    October 30th 2022, 12:21:55 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    18 known vulnerabilities
    -
    99 vulnerable dependency paths
    +
    22 known vulnerabilities
    +
    103 vulnerable dependency paths
    162 dependencies
    @@ -660,6 +660,12 @@

    References

  • MLIST
  • FEDORA
  • FEDORA
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM
  • +
  • CONFIRM

  • @@ -668,6 +674,78 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Validation of Array Index

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + +

    Improper Verification of Cryptographic Signature

    @@ -874,6 +952,7 @@

    References


    @@ -963,6 +1042,8 @@

    References


    @@ -971,6 +1052,207 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-42916

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-42915

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-32221

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + + git@1:2.34.1-1ubuntu1.4 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    @@ -1058,11 +1340,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 shadow.

    References


    @@ -1138,12 +1420,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References


    @@ -1274,13 +1556,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References


    @@ -1452,6 +1734,7 @@

    References

  • ADVISORY
  • CONFIRM
  • CONFIRM
  • +
  • CONFIRM

  • @@ -1859,6 +2142,7 @@

    References

  • ADVISORY
  • MISC
  • MISC
  • +
  • CONFIRM

  • @@ -2613,9 +2897,9 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References


    @@ -2680,11 +2964,11 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References


    diff --git a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html b/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html index 22634f68745f8..c5a3ff76bea79 100644 --- a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 23rd 2022, 12:45:06 am

    +

    October 30th 2022, 12:21:58 am

    Scanned the following path: From 65306154529e7b45b543f14aa60a16fbabac6459 Mon Sep 17 00:00:00 2001 From: Dan Garfield Date: Mon, 31 Oct 2022 15:31:39 -0600 Subject: [PATCH 011/304] chore: Add retry to cluster generation for testing in hack folder (#11067) * Add retry for cluster generation Signed-off-by: Dan Garfield * Switch to human readable count Signed-off-by: Dan Garfield * fix logic Signed-off-by: Dan Garfield * Add retry for cluster generation Signed-off-by: Dan Garfield * remove superfluous if from previous iteration. Signed-off-by: Dan Garfield * clean up code for final PR Signed-off-by: Dan Garfield Signed-off-by: Dan Garfield Co-authored-by: pasha-codefresh Signed-off-by: emirot --- .../generators/cluster_generator.go | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/hack/gen-resources/generators/cluster_generator.go b/hack/gen-resources/generators/cluster_generator.go index 4c2c593bffb7b..520e25c1e7656 100644 --- a/hack/gen-resources/generators/cluster_generator.go +++ b/hack/gen-resources/generators/cluster_generator.go @@ -144,7 +144,7 @@ func (cg *ClusterGenerator) installVCluster(opts *util.GenerateOpts, namespace s return err } log.Print("Execute helm install command") - _, err = cmd.Freestyle("install", releaseName, "vcluster", "--values", opts.ClusterOpts.ValuesFilePath, "--repo", "https://charts.loft.sh", "--namespace", namespace, "--repository-config", "", "--create-namespace", "--wait") + _, err = cmd.Freestyle("upgrade", "--install", releaseName, "vcluster", "--values", opts.ClusterOpts.ValuesFilePath, "--repo", "https://charts.loft.sh", "--namespace", namespace, "--repository-config", "", "--create-namespace", "--wait") if err != nil { return err } 
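Review bot: The `cmd.Freestyle("upgrade", "--install", ...)` call in installVCluster still fetches the `vcluster` chart from `https://charts.loft.sh` with no `--version` argument, so each run installs, and now also upgrades an existing release to, whatever chart version the repository serves at that moment. Pinning the chart keeps generated test clusters reproducible and keeps an unreviewed upstream release out of the cluster, for example by adding `"--version", "<pinned-chart-version>"` to the argument list (placeholder; the page names no version). A one-line comment such as `// upgrade --install: presumably so a re-run does not fail on an existing release` would record why the verb changed. installVCluster begins before the hunk and may continue after it.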
@@ -157,11 +157,13 @@ func (cg *ClusterGenerator) getClusterServerUri(namespace string, releaseSuffix return "", err } // TODO: should be moved to service instead pod + log.Printf("Get service for https://" + pod.Status.PodIP + ":8443") return "https://" + pod.Status.PodIP + ":8443", nil } func (cg *ClusterGenerator) retrieveClusterUri(namespace, releaseSuffix string) (string, error) { - for i := 0; i < 3; i++ { + for i := 0; i < 10; i++ { + log.Printf("Attempting to get cluster uri") uri, err := cg.getClusterServerUri(namespace, releaseSuffix) if err != nil { log.Printf("Failed to get cluster uri due to %s", err.Error()) @@ -174,8 +176,8 @@ func (cg *ClusterGenerator) retrieveClusterUri(namespace, releaseSuffix string) } func (cg *ClusterGenerator) Generate(opts *util.GenerateOpts) error { - for i := 0; i < opts.ClusterOpts.Samples; i++ { - log.Printf("Generate cluster #%v", i) + for i := 1; i <= opts.ClusterOpts.Samples; i++ { + log.Printf("Generate cluster #%v of #%v", i, opts.ClusterOpts.Samples) namespace := opts.ClusterOpts.NamespacePrefix + "-" + util.GetRandomString() @@ -193,9 +195,19 @@ func (cg *ClusterGenerator) Generate(opts *util.GenerateOpts) error { log.Print("Get cluster credentials") caData, cert, key, err := cg.getClusterCredentials(namespace, releaseSuffix) + + for o := 0; o < 5; o++ { + if err == nil { + break + } + log.Printf("Failed to get cluster credentials %s, retrying...", releaseSuffix) + time.Sleep(10 * time.Second) + caData, cert, key, err = cg.getClusterCredentials(namespace, releaseSuffix) + } if err != nil { return err } + log.Print("Get cluster server uri") From 1209ec75c0356126a479ece8fa8abf6be4a32a18 Mon Sep 17 00:00:00 2001 From: Jooho Lee Date: Wed, 2 Nov 2022 02:06:35 +0900 Subject: [PATCH 012/304] docs: Add SI Analytics to ArgoCD Users list (#11110) Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 6647e2cb730c4..1824d7c06ab44 100644 --- a/USERS.md +++ b/USERS.md 
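Review bot: The added `log.Printf("Get service for https://" + pod.Status.PodIP + ":8443")` in getClusterServerUri builds its format string by concatenation, which newer `go vet` releases report as a non-constant format string and which would misprint if the value ever contained a `%`; `log.Printf("Get service for https://%s:8443", pod.Status.PodIP)` logs the same text safely. The function also returns a nil error whatever `pod.Status.PodIP` holds, so a pod that has no IP assigned yet yields `https://:8443`; whether the loop in retrieveClusterUri, raised here from 3 to 10 attempts, retries in that case depends on lines outside the hunk. An explicit guard such as `if pod.Status.PodIP == "" { return "", errors.New("pod has no IP yet") }` (assuming `errors` is imported in this file) would let the existing retry cover it.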
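Review bot: The retry loop added in Generate after `cg.getClusterCredentials` logs only `releaseSuffix` and drops `err`, so the output never says why a credential fetch failed, and only the last error is returned once the attempts run out. Logging the cause, `log.Printf("Failed to get cluster credentials %s due to %s, retrying...", releaseSuffix, err.Error())`, would match the `Failed to get cluster uri due to %s` message in retrieveClusterUri. The attempt count `5` and the `10 * time.Second` wait are bare literals; named constants or a comment stating the worst-case wait of about 50 seconds per cluster would help whoever tunes this later. Generate begins before the hunk and continues past it.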
@@ -182,6 +182,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Saloodo! GmbH](https://www.saloodo.com)
 1. [Sap Labs](http://sap.com)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
+1. [SI Analytics](https://si-analytics.ai)
 1. [Skit](https://skit.ai/)
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smilee.io](https://smilee.io)
From 1b0a4aa8e57a9e58513750581df7d7397f7e1a03 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 1 Nov 2022 16:15:16 -0400
Subject: [PATCH 013/304] chore: don't generate release notes (#11141)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: emirot
---
 .github/workflows/release.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8699ba424891e..18bf2c3475adb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -303,7 +303,6 @@ jobs:
 tag_name: ${{ env.RELEASE_TAG }}
 draft: ${{ env.DRAFT_RELEASE }}
 prerelease: ${{ env.PRE_RELEASE }}
- generate_release_notes: true
 body: ${{ steps.release-notes.outputs.content }} # Pre-pended to the generated notes
 files: |
 dist/argocd-*
From 5ca09e3dbc08eefbc375a2ee861768d57bc13dfd Mon Sep 17 00:00:00 2001
From: Mike Mwanje
Date: Wed, 2 Nov 2022 16:43:14 +0300
Subject: [PATCH 014/304] docs: Add AirQo to users list (#11160)
Signed-off-by: Mike Mwanje
Signed-off-by: Mike Mwanje
Signed-off-by: emirot
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/USERS.md b/USERS.md
index 1824d7c06ab44..7aa76abf45ba0 100644
--- a/USERS.md
+++ b/USERS.md
@@ -11,6 +11,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Adevinta](https://www.adevinta.com/)
 1. [Adfinis](https://adfinis.com)
 1. [Adventure](https://jp.adventurekk.com/)
+1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
 1. [Allianz Direct](https://www.allianzdirect.de/)
From e4c522fa7d836bdf6f18ac97412cdea897e0b32f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 2 Nov 2022 14:05:49 +0000
Subject: [PATCH 015/304] [Bot] Update Snyk reports (#11162)
Signed-off-by: CI
Signed-off-by: CI
Co-authored-by: CI
Signed-off-by: emirot --- docs/snyk/index.md | 71 +- docs/snyk/master/argocd-iac-install.html | 2 +- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 184 +- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.2.15/argocd-iac-install.html | 2430 --------- .../v2.2.15/argocd-iac-namespace-install.html | 2430 --------- docs/snyk/v2.2.15/argocd-test.html | 1495 ------ ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 492 -- .../quay.io_argoproj_argocd_v2.2.15.html | 4743 ----------------- docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html | 492 -- docs/snyk/v2.3.10/redis_6.2.7-alpine.html | 492 -- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.3.10 => v2.3.11}/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 16 +- .../quay.io_argoproj_argocd_v2.3.11.html} | 1016 +--- .../redis_6.2.7-alpine.html | 2 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.4.15 => v2.4.16}/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.16.html} | 1016 +--- .../redis_7.0.4-alpine.html | 2 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.5.0-rc3 => v2.5.1}/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.1.html} | 1105 +--- .../redis_7.0.5-alpine.html | 2 +- 37 files changed, 436 insertions(+), 15594 deletions(-) delete mode 100644 docs/snyk/v2.2.15/argocd-iac-install.html delete mode 100644 docs/snyk/v2.2.15/argocd-iac-namespace-install.html delete mode 100644 
docs/snyk/v2.2.15/argocd-test.html delete mode 100644 docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html delete mode 100644 docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html delete mode 100644 docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html delete mode 100644 docs/snyk/v2.3.10/redis_6.2.7-alpine.html rename docs/snyk/{v2.3.10 => v2.3.11}/argocd-iac-install.html (99%) rename docs/snyk/{v2.3.10 => v2.3.11}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.3.10 => v2.3.11}/argocd-test.html (99%) rename docs/snyk/{v2.4.15 => v2.3.11}/ghcr.io_dexidp_dex_v2.35.3-distroless.html (99%) rename docs/snyk/{v2.2.15 => v2.3.11}/haproxy_2.0.29-alpine.html (99%) rename docs/snyk/{v2.3.10 => v2.3.11}/quay.io_argoproj_argocd-applicationset_v0.4.1.html (99%) rename docs/snyk/{v2.3.10/quay.io_argoproj_argocd_v2.3.10.html => v2.3.11/quay.io_argoproj_argocd_v2.3.11.html} (68%) rename docs/snyk/{v2.2.15 => v2.3.11}/redis_6.2.7-alpine.html (99%) rename docs/snyk/{v2.4.15 => v2.4.16}/argocd-iac-install.html (99%) rename docs/snyk/{v2.4.15 => v2.4.16}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.4.15 => v2.4.16}/argocd-test.html (99%) rename docs/snyk/{v2.5.0-rc3 => v2.4.16}/ghcr.io_dexidp_dex_v2.35.3-distroless.html (99%) rename docs/snyk/{v2.4.15 => v2.4.16}/haproxy_2.0.29-alpine.html (99%) rename docs/snyk/{v2.4.15/quay.io_argoproj_argocd_v2.4.15.html => v2.4.16/quay.io_argoproj_argocd_v2.4.16.html} (68%) rename docs/snyk/{v2.4.15 => v2.4.16}/redis_7.0.4-alpine.html (99%) rename docs/snyk/{v2.5.0-rc3 => v2.5.1}/argocd-iac-install.html (99%) rename docs/snyk/{v2.5.0-rc3 => v2.5.1}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.5.0-rc3 => v2.5.1}/argocd-test.html (99%) rename docs/snyk/{v2.3.10 => v2.5.1}/ghcr.io_dexidp_dex_v2.35.3-distroless.html (99%) rename docs/snyk/{v2.5.0-rc3 => v2.5.1}/haproxy_2.6.2-alpine.html (99%) rename docs/snyk/{v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html => 
v2.5.1/quay.io_argoproj_argocd_v2.5.1.html} (65%) rename docs/snyk/{v2.5.0-rc3 => v2.5.1}/redis_7.0.5-alpine.html (99%) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index b8af331a9868b..ca1840a1f8e28 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md 
@@ -17,60 +17,47 @@ recent minor releases. | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 13 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 12 | | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.0-rc3 +### v2.5.1 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 3 | 0 | -| [dex:v2.35.3-distroless](v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.2-alpine](v2.5.0-rc3/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 8 | 13 | -| [redis:7.0.5-alpine](v2.5.0-rc3/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.5.0-rc3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.1/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.1/argocd-test.html) | 0 | 0 | 3 | 0 | +| [dex:v2.35.3-distroless](v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.6.2-alpine](v2.5.1/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.1](v2.5.1/quay.io_argoproj_argocd_v2.5.1.html) | 0 | 0 | 1 | 12 | +| [redis:7.0.5-alpine](v2.5.1/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.1/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.1/argocd-iac-namespace-install.html) 
| - | - | - | - | -### v2.4.15 +### v2.4.16 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 | -| [ui/yarn.lock](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 | -| [dex:v2.35.3-distroless](v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.0.29-alpine](v2.4.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 7 | 13 | -| [redis:7.0.4-alpine](v2.4.15/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.4.15/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.4.15/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.4.16/argocd-test.html) | 0 | 0 | 3 | 0 | +| [ui/yarn.lock](v2.4.16/argocd-test.html) | 0 | 0 | 3 | 0 | +| [dex:v2.35.3-distroless](v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.0.29-alpine](v2.4.16/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.4.16](v2.4.16/quay.io_argoproj_argocd_v2.4.16.html) | 0 | 0 | 1 | 12 | +| [redis:7.0.4-alpine](v2.4.16/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.4.16/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.4.16/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.3.10 +### v2.3.11 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.3.10/argocd-test.html) | 0 | 0 | 3 | 0 | -| [ui/yarn.lock](v2.3.10/argocd-test.html) | 0 | 1 | 5 | 0 | -| [dex:v2.35.3-distroless](v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.0.29-alpine](v2.3.10/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd-applicationset:v0.4.1](v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 | -| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 7 | 13 | -| 
[redis:6.2.7-alpine](v2.3.10/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.3.10/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.3.10/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.2.15 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.2.15/argocd-test.html) | 0 | 0 | 4 | 0 | -| [ui/yarn.lock](v2.2.15/argocd-test.html) | 0 | 1 | 5 | 0 | -| [dex:v2.35.3-distroless](v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.0.29-alpine](v2.2.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.2.15](v2.2.15/quay.io_argoproj_argocd_v2.2.15.html) | 0 | 1 | 7 | 23 | -| [redis:6.2.7-alpine](v2.2.15/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.2.15/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.2.15/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.3.11/argocd-test.html) | 0 | 0 | 3 | 0 | +| [ui/yarn.lock](v2.3.11/argocd-test.html) | 0 | 1 | 5 | 0 | +| [dex:v2.35.3-distroless](v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.0.29-alpine](v2.3.11/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd-applicationset:v0.4.1](v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 | +| [argocd:v2.3.11](v2.3.11/quay.io_argoproj_argocd_v2.3.11.html) | 0 | 0 | 1 | 12 | +| [redis:6.2.7-alpine](v2.3.11/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.3.11/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.3.11/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 386e75e842964..317abc7e73f45 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:21:01 am

    +

    November 2nd 2022, 12:48:46 pm

    Scanned the following path: diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 8f20d3c65098d..0b6f6efa2e8c6 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:21:12 am

    +

    November 2nd 2022, 12:48:55 pm

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index bc885d3696896..7f8eec366bf77 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:19:12 am

    +

    November 2nd 2022, 12:47:09 pm

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 0e542ba18702f..51f73536cfb41 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:19:27 am

    +

    November 2nd 2022, 12:47:21 pm

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index ac34b0a807ee4..2425fe25e0451 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:19:33 am

    +

    November 2nd 2022, 12:47:29 pm

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 0b388b871837f..0ef16f4c5413b 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:19:54 am

    +

    November 2nd 2022, 12:47:47 pm

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    14 known vulnerabilities
    -
    84 vulnerable dependency paths
    +
    13 known vulnerabilities
    +
    75 vulnerable dependency paths
    162 dependencies
    @@ -548,6 +548,7 @@

    References

  • CONFIRM
  • CONFIRM
  • MISC
  • +
  • GENTOO

  • @@ -648,6 +649,7 @@

    References

  • MLIST
  • RedHat Bugzilla Bug
  • RedHat CVE Database
  • +
  • GENTOO

  • @@ -874,178 +876,6 @@

    References

    More about this vulnerability

    -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssl/libssl3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.5 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - pam/libpam-modules@1.4.0-11ubuntu2 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2 - - krb5/libkrb5-3@1.19.2-2 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssl package.

    -

    OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - - -

    CVE-2021-41617

    @@ -1446,6 +1276,8 @@

    References

  • MISC
  • MISC
  • CONFIRM
  • +
  • MLIST
  • +
  • FULLDISC

  • diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index b841339c1dc2d..b83ae218b2643 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:19:59 am

    +

    November 2nd 2022, 12:47:53 pm

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/argocd-iac-install.html b/docs/snyk/v2.2.15/argocd-iac-install.html deleted file mode 100644 index a0edf272b5831..0000000000000 --- a/docs/snyk/v2.2.15/argocd-iac-install.html +++ /dev/null @@ -1,2430 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:29:41 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
    -
    - -
    -
    35 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 3067 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 31] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 31] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without root user control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-10 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsNonRoot - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Container could be running with full administrative privileges

    - -

    Remediation

    -

    Set `securityContext.runAsNonRoot` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running without root user control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-10 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsNonRoot - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Container could be running with full administrative privileges

    - -

    Remediation

    -

    Set `securityContext.runAsNonRoot` to `true`

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 6] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 7] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 8] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
    • - -
    • Introduced through: - [DocId: 32] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3057 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 31] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3179 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 33] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3388 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 3638 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
    • - -
    • Introduced through: - [DocId: 30] - - spec - - template - - spec - - containers[dex] - - ports - -
    • - -
    • - Line number: 3064 -
    • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 31] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 30] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
    • - -
    • - Line number: 3057 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 30] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 31] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 32] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3057 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 30] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3077 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 31] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3130 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3313 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 32] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3179 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 33] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3388 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
    • - -
    • - Line number: 3638 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html deleted file mode 100644 index 5b87513e90510..0000000000000 --- a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2430 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:29:48 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
    -
    - -
    -
    35 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 426 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 25] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container does not drop all default capabilities

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-6 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - capabilities - - drop - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Containers are running with potentially unnecessary privileges

    - -

    Remediation

    -

    Add `ALL` to `securityContext.capabilities.drop` list, and add only required capabilities in `securityContext.capabilities.add`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 25] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without privilege escalation control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-9 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - allowPrivilegeEscalation - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Processes could elevate current privileges via known vectors, for example SUID binaries

    - -

    Remediation

    -

    Set `securityContext.allowPrivilegeEscalation` to `false`

    - - -
    -
    - - - -
    -
    -

    Container is running without root user control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-10 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsNonRoot - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Container could be running with full administrative privileges

    - -

    Remediation

    -

    Set `securityContext.runAsNonRoot` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running without root user control

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-10 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsNonRoot - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Container could be running with full administrative privileges

    - -

    Remediation

    -

    Set `securityContext.runAsNonRoot` to `true`

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 4] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 5] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
    • - -
    • Introduced through: - [DocId: 6] - - role - - rules[0] - - resources - -
    • - -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - - - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
    • - -
    • Introduced through: - [DocId: 26] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 416 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 25] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 538 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 27] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 747 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
    • - -
    • Introduced through: - [DocId: 28] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
    • - -
    • - Line number: 997 -
    • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - - - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
    • - -
    • Introduced through: - [DocId: 24] - - spec - - template - - spec - - containers[dex] - - ports - -
    • - -
    • - Line number: 423 -
    • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 25] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - readOnlyRootFilesystem - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 24] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
    • - -
    • - Line number: 416 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 24] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 25] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
    • - -
    • Introduced through: - [DocId: 26] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
    • - -
    • - Line number: 416 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 24] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
    • - -
    • - Line number: 436 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 25] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
    • - -
    • - Line number: 489 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
    • - -
    • - Line number: 672 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 26] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
    • - -
    • - Line number: 538 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 27] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
    • - -
    • - Line number: 747 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
    • - -
    • Introduced through: - [DocId: 28] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
    • - -
    • - Line number: 997 -
    • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - - - -
    -
    -
    - -
    - - -
diff --git a/docs/snyk/v2.2.15/argocd-test.html b/docs/snyk/v2.2.15/argocd-test.html
deleted file mode 100644
index d84197a2ddc0b..0000000000000
--- a/docs/snyk/v2.2.15/argocd-test.html
+++ /dev/null
@@ -1,1495 +0,0 @@
- - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:28:26 am

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
    • -
    -
    - -
    -
    10 known vulnerabilities
    -
    15 vulnerable dependency paths
    -
    1367 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - moment -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, argo-ui@1.0.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - moment@2.29.1 - - - -
    • -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - moment-timezone@0.5.33 - - moment@2.29.1 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).

    -

    PoC:

    -
    moment("(".repeat(500000))
    -        
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade moment to version 2.29.4 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.1.2 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.1.2 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - node-fetch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, argo-ui@1.0.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - portable-fetch@3.0.0 - - node-fetch@1.7.3 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    node-fetch is a light-weight module that brings window.fetch to node.js

    -

    Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.

    -

    Remediation

    -

    Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - node-fetch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, argo-ui@1.0.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - portable-fetch@3.0.0 - - node-fetch@1.7.3 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    node-fetch is a light-weight module that brings window.fetch to node.js

    -

    Affected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.

    -

    Remediation

    -

    Upgrade node-fetch to version 2.6.1, 3.0.0-beta.9 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - argo-cd-ui@1.0.0 and minimatch@3.0.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - minimatch@3.0.4 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - golang.org/x/text/language -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, sigs.k8s.io/controller-runtime/pkg/envtest@0.8.3 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration/internal@0.8.3 - - github.com/onsi/gomega/gexec@1.15.0 - - github.com/onsi/gomega@1.15.0 - - github.com/onsi/gomega/matchers@1.15.0 - - golang.org/x/net/html/charset@#491a49abca63 - - golang.org/x/text/encoding/htmlindex@0.3.6 - - golang.org/x/text/language@0.3.6 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - golang.org/x/text/internal/language -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, sigs.k8s.io/controller-runtime/pkg/envtest@0.8.3 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration/internal@0.8.3 - - github.com/onsi/gomega/gexec@1.15.0 - - github.com/onsi/gomega@1.15.0 - - github.com/onsi/gomega/matchers@1.15.0 - - golang.org/x/net/html/charset@#491a49abca63 - - golang.org/x/text/encoding/htmlindex@0.3.6 - - golang.org/x/text/language@0.3.6 - - golang.org/x/text/internal/language@0.3.6 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration@0.8.3 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/integration/internal@0.8.3 - - github.com/onsi/gomega/gexec@1.15.0 - - github.com/onsi/gomega@1.15.0 - - github.com/onsi/gomega/matchers@1.15.0 - - golang.org/x/net/html/charset@#491a49abca63 - - golang.org/x/text/encoding/htmlindex@0.3.6 - - golang.org/x/text/language@0.3.6 - - golang.org/x/text/internal/language/compact@0.3.6 - - golang.org/x/text/internal/language@0.3.6 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Out-of-bounds Read due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.

    -

    Remediation

    -

    Upgrade golang.org/x/text/internal/language to version 0.3.7 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/go-openapi/runtime/middleware@0.19.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.2 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.1 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.1 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.2 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.1 - - go.mongodb.org/mongo-driver/bson/bsoncodec@1.1.1 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.1 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

    -

    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/prometheus/client_golang/prometheus/promhttp -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/component-base/metrics/prometheus/workqueue@0.22.2 - - k8s.io/component-base/metrics/legacyregistry@0.22.2 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/component-base/metrics/prometheus/workqueue@0.22.2 - - k8s.io/component-base/metrics/legacyregistry@0.22.2 - - k8s.io/component-base/metrics@0.22.2 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    -

    Note: In order to be affected, an instrumented software must:

    -
      -
    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      -
    2. -
    3. not filter any specific methods (e.g GET) before middleware

      -
    4. -
    5. pass metric with method label name to the middleware

      -
    6. -
    7. not have any firewall/LB/proxy that filters away requests with unknown method.

      -
    8. -
    -

    Workarounds:

    -
      -
    1. removing the method label name from counter/gauge used in the InstrumentHandler

      -
    2. -
    3. turning off affected promhttp handlers

      -
    4. -
    5. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      -
    6. -
    7. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      -
    8. -
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - -
    diff --git a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    deleted file mode 100644
    index 6abcdafd65e97..0000000000000
    --- a/docs/snyk/v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    +++ /dev/null
    @@ -1,492 +0,0 @@
    - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:28:32 am

    -
    -
    - Scanned the following path: -
      -
    • ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    3 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex
    Package Manager deb
    -
    -
    - No known vulnerabilities detected. -
    -
    - - -
    diff --git a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html
    deleted file mode 100644
    index 5031a890611f9..0000000000000
    --- a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html
    +++ /dev/null
    @@ -1,4743 +0,0 @@
    - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:29:20 am

    -
    -
    - Scanned the following path: -
      -
    • quay.io/argoproj/argocd:v2.2.15/argoproj/argocd (deb)
    • -
    -
    - -
    -
    31 known vulnerabilities
    -
    213 vulnerable dependency paths
    -
    253 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.2.15/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    -
    -
    -
    -
    -

    CVE-2022-3515

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libksba/libksba8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and libksba/libksba8@1.6.0-2build1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Verification of Cryptographic Signature

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - perl@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libalgorithm-diff-xs-perl@0.04-6build3 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libalgorithm-merge-perl@0.08-3 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libfile-fcntllock-perl@0.22-3build7 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream perl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    CPAN 2.28 allows Signature Verification Bypass.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gcc-defaults/cpp -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and gcc-defaults/cpp@4:11.2.0-1ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gcc-defaults/cpp@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/g++@4:11.2.0-1ubuntu1 - - gcc-defaults/cpp@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-defaults/cpp@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/g++@4:11.2.0-1ubuntu1 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gcc-defaults/g++@4:11.2.0-1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/g++@4:11.2.0-1ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream gcc-defaults package.

    -

    Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gcc-defaults.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream curl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42915

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-32221

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - binutils/binutils-common -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and binutils/binutils-common@2.38-3ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-11@11.2.0-19ubuntu1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream binutils package.

    -

    In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 binutils.

    -

    References

    - - -
    - - - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - tiff/libtiff5 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and tiff/libtiff5@4.3.0-6ubuntu0.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - tiff/libtiff5@4.3.0-6ubuntu0.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - libgd2/libgd3@2.3.0-2ubuntu2 - - tiff/libtiff5@4.3.0-6ubuntu0.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream tiff package.

    -

    A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 tiff.

    -

    References

    - - -
    - - - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - tiff/libtiff5 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and tiff/libtiff5@4.3.0-6ubuntu0.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - tiff/libtiff5@4.3.0-6ubuntu0.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - libgd2/libgd3@2.3.0-2ubuntu2 - - tiff/libtiff5@4.3.0-6ubuntu0.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream tiff package.

    -

    LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 tiff.

    -

    References

    - - -
    - - - -
    -
    -

    Time-of-check Time-of-use (TOCTOU)

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - shadow/passwd -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and shadow/passwd@1:4.8.1-2ubuntu2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - openssh/openssh-client@1:8.9p1-3 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - shadow/login@1:4.8.1-2ubuntu2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package.

    -

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - - - -
    -
    -

    Open Redirect

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - python3.10/libpython3.10-stdlib -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-stdlib@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3@3.10.6-1~22.04 - - python3.10@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/libpython3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3-dev@3.10.6-1~22.04 - - python3.10/python3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/libpython3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - python3.10/libpython3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3@3.10.6-1~22.04 - - python3.10@3.10.6-1~22.04 - - python3.10/python3.10-minimal@3.10.6-1~22.04 - - python3.10/libpython3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3-dev@3.10.6-1~22.04 - - python3.10/python3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/python3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3@3.10.6-1~22.04 - - python3-defaults/python3-minimal@3.10.6-1~22.04 - - python3.10/python3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3@3.10.6-1~22.04 - - python3.10@3.10.6-1~22.04 - - python3.10/python3.10-minimal@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3@3.10.6-1~22.04 - - python3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3-dev@3.10.6-1~22.04 - - python3.10/python3.10-dev@3.10.6-1~22.04 - - python3.10@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3.10/python3.10-dev@3.10.6-1~22.04 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/python3-dev@3.10.6-1~22.04 - - python3.10/python3.10-dev@3.10.6-1~22.04 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream python3.10 package.

    -

    ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 python3.10.

    -

    References

    - - -
    - - - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream pcre3 package.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - - - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - patch@2.7.6-7build2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - patch@2.7.6-7build2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream patch package.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - - - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - patch@2.7.6-7build2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - patch@2.7.6-7build2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream patch package.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - - - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssl/libssl3 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python-pip/python3-pip@22.0.2+dfsg-1 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssl package.

    -

    OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2021-41617

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssh/openssh-client -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and openssh/openssh-client@1:8.9p1-3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - openssh/openssh-client@1:8.9p1-3 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssh package.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - - - -
    -
    -

    Information Exposure

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssh/openssh-client -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and openssh/openssh-client@1:8.9p1-3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - openssh/openssh-client@1:8.9p1-3 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssh package.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - ncurses/libncursesw6 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and ncurses/libncursesw6@6.3-2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - ncurses/libncursesw6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-stdlib@3.10.6-1~22.04 - - ncurses/libncursesw6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - ncurses/libtinfo6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - ncurses/libncurses6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - ncurses/ncurses-base@6.3-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - ncurses/ncurses-bin@6.3-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream ncurses package.

    -

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libjpeg-turbo/libjpeg-turbo8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and libjpeg-turbo/libjpeg-turbo8@2.1.2-0ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libjpeg-turbo/libjpeg-turbo8@2.1.2-0ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - libgd2/libgd3@2.3.0-2ubuntu2 - - libjpeg8-empty/libjpeg8@8c-2ubuntu10 - - libjpeg-turbo/libjpeg-turbo8@2.1.2-0ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream libjpeg-turbo package.

    -

    JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libjpeg-turbo.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libgd2/libgd3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and libgd2/libgd3@2.3.0-2ubuntu2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - libgd2/libgd3@2.3.0-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - libgd2/libgd3@2.3.0-2ubuntu2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream libgd2 package.

    -

    The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libgd2.

    -

    References

    - - -
    - - - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - krb5/libgssapi-krb5-2 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - krb5/libgssapi-krb5-2@1.19.2-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - krb5/libk5crypto3@1.19.2-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - krb5/libkrb5-3@1.19.2-2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream krb5 package.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-Bounds

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - jbigkit/libjbig0 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and jbigkit/libjbig0@2.1-3.1build3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - jbigkit/libjbig0@2.1-3.1build3 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - libgd2/libgd3@2.3.0-2ubuntu2 - - tiff/libtiff5@4.3.0-6ubuntu0.1 - - jbigkit/libjbig0@2.1-3.1build3 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream jbigkit package.

    -

    In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 jbigkit.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-3219

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnupg2/gpgv -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - apt@2.4.8 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnupg2.

    -

    References

    - - -
    - - - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc6-dev -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and glibc/libc6-dev@2.35-0ubuntu3.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - expat/libexpat1-dev@2.4.7-1 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - python3-defaults/libpython3-dev@3.10.6-1~22.04 - - python3.10/libpython3.10-dev@3.10.6-1~22.04 - - zlib/zlib1g-dev@1:1.2.11.dfsg-2ubuntu9.2 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/g++@4:11.2.0-1ubuntu1 - - gcc-11/g++-11@11.2.0-19ubuntu1 - - gcc-11/libstdc++-11-dev@11.2.0-19ubuntu1 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-dev-bin@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - glibc/libc6-dev@2.35-0ubuntu3.1 - - glibc/libc-dev-bin@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - glibc/libc-devtools@2.35-0ubuntu3.1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - meta-common-packages@meta - - glibc/libc6@2.35-0ubuntu3.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream glibc package.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.2.15, git@1:2.34.1-1ubuntu1.5 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - git/git-man@1:2.34.1-1ubuntu1.5 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git@1:2.34.1-1ubuntu1.5 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.5 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - coreutils -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and coreutils@8.32-4.1ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - coreutils@8.32-4.1ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - fontconfig/fontconfig-config@2.13.1-4.2ubuntu5 - - ucf@3.0043 - - coreutils@8.32-4.1ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream coreutils package.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    -

    References

    - - -
    - - - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - binutils/binutils-common -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and binutils/binutils-common@2.38-3ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-11@11.2.0-19ubuntu1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream binutils package.

    -

    A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 binutils.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - binutils/binutils-common -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and binutils/binutils-common@2.38-3ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-11@11.2.0-19ubuntu1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream binutils package.

    -

    GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 binutils.

    -

    References

    - - -
    - - - -
    -
    -

    Missing Release of Resource after Effective Lifetime

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - binutils/binutils-common -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and binutils/binutils-common@2.38-3ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-11@11.2.0-19ubuntu1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream binutils package.

    -

    The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 binutils.

    -

    References

    - - -
    - - - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - binutils/binutils-common -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.2.15 and binutils/binutils-common@2.38-3ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/binutils-common@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - binutils/libbinutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf-nobfd0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - binutils/libctf0@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - binutils/binutils-x86-64-linux-gnu@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - dpkg/dpkg-dev@1.21.1ubuntu2.1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.2.15 - - build-essential@12.9ubuntu3 - - gcc-defaults/gcc@4:11.2.0-1ubuntu1 - - gcc-11@11.2.0-19ubuntu1 - - binutils@2.38-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream binutils package.

    -

    The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 binutils.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html deleted file mode 100644 index edf2b4dbe8019..0000000000000 --- a/docs/snyk/v2.3.10/haproxy_2.0.29-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:25:35 am

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.0.29-alpine (apk)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    17 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.0.29-alpine
    Package Manager apk
    -
    -
    - No known vulnerabilities detected. -
    -
    - - - diff --git a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html b/docs/snyk/v2.3.10/redis_6.2.7-alpine.html deleted file mode 100644 index da39c18052fa9..0000000000000 --- a/docs/snyk/v2.3.10/redis_6.2.7-alpine.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    October 30th 2022, 12:26:25 am

    -
    -
    - Scanned the following path: -
      -
    • redis:6.2.7-alpine (apk)
    • -
    -
    - -
    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    17 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:6.2.7-alpine
    Package Manager apk
    -
    -
    - No known vulnerabilities detected. -
    -
    - - - diff --git a/docs/snyk/v2.3.10/argocd-iac-install.html b/docs/snyk/v2.3.11/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.3.10/argocd-iac-install.html rename to docs/snyk/v2.3.11/argocd-iac-install.html index 65c9b917ebdd4..829952797459c 100644 --- a/docs/snyk/v2.3.10/argocd-iac-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:27:23 am

    +

    November 2nd 2022, 12:54:19 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.3.10/argocd-iac-namespace-install.html rename to docs/snyk/v2.3.11/argocd-iac-namespace-install.html index 3156dbd1385e1..a005e2998c7b3 100644 --- a/docs/snyk/v2.3.10/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:28:00 am

    +

    November 2nd 2022, 12:54:51 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/argocd-test.html b/docs/snyk/v2.3.11/argocd-test.html similarity index 99% rename from docs/snyk/v2.3.10/argocd-test.html rename to docs/snyk/v2.3.11/argocd-test.html index 51460380dcd5b..e762adb83a412 100644 --- a/docs/snyk/v2.3.10/argocd-test.html +++ b/docs/snyk/v2.3.11/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:25:27 am

    +

    November 2nd 2022, 12:52:41 pm

    Scanned the following paths: diff --git a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html similarity index 99% rename from docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html rename to docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html index b437521d1696b..960a45ac9e069 100644 --- a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:23:36 am

    +

    November 2nd 2022, 12:52:45 pm

    Scanned the following path: diff --git a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html similarity index 99% rename from docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html rename to docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html index 2108264cc7bfb..6c0d1f0ae6944 100644 --- a/docs/snyk/v2.2.15/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:28:35 am

    +

    November 2nd 2022, 12:52:48 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html similarity index 99% rename from docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html rename to docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html index 24bca8a37301f..fc107d5cfdf9f 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    October 30th 2022, 12:25:50 am

    +

    November 2nd 2022, 12:53:01 pm

    Scanned the following path: @@ -1034,6 +1034,7 @@

    References

  • FEDORA
  • FEDORA
  • MLIST
  • +
  • GENTOO

  • @@ -3475,6 +3476,7 @@

    References

  • MLIST
  • FEDORA
  • FEDORA
  • +
  • CONFIRM

  • @@ -4948,6 +4950,7 @@

    References

  • MLIST
  • CONFIRM
  • CONFIRM
  • +
  • FULLDISC

  • @@ -5021,6 +5024,7 @@

    References

  • DEBIAN
  • CONFIRM
  • CONFIRM
  • +
  • FULLDISC

  • @@ -5095,6 +5099,7 @@

    References

  • MLIST
  • CONFIRM
  • CONFIRM
  • +
  • FULLDISC

  • @@ -5168,6 +5173,7 @@

    References

  • DEBIAN
  • CONFIRM
  • CONFIRM
  • +
  • FULLDISC

  • @@ -5316,6 +5322,11 @@

    References

  • CONFIRM
  • CONFIRM
  • CONFIRM
  • +
  • FULLDISC
  • +
  • FULLDISC
  • +
  • FULLDISC
  • +
  • FULLDISC
  • +
  • FULLDISC

  • @@ -5579,6 +5590,7 @@

    References

  • MLIST
  • RedHat Bugzilla Bug
  • RedHat CVE Database
  • +
  • GENTOO

  • @@ -6441,6 +6453,8 @@

    References

  • MISC
  • MISC
  • CONFIRM
  • +
  • MLIST
  • +
  • FULLDISC

  • diff --git a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html similarity index 68% rename from docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html rename to docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html index c5967593735df..03884f3a02922 100644 --- a/docs/snyk/v2.3.10/quay.io_argoproj_argocd_v2.3.10.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    October 30th 2022, 12:26:21 am

    +

    November 2nd 2022, 12:53:26 pm

    Scanned the following path:
      -
    • quay.io/argoproj/argocd:v2.3.10/argoproj/argocd (deb)
    • +
    • quay.io/argoproj/argocd:v2.3.11/argoproj/argocd (deb)
    -
    21 known vulnerabilities
    -
    102 vulnerable dependency paths
    +
    13 known vulnerabilities
    +
    75 vulnerable dependency paths
    162 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + @@ -485,622 +485,8 @@

    Snyk test report

    -
    -

    CVE-2022-3515

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libksba/libksba8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.3.10 and libksba/libksba8@1.6.0-2build1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Verification of Cryptographic Signature

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream perl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    CPAN 2.28 allows Signature Verification Bypass.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Link Following

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream curl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42915

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -

    CVE-2022-32221

    +

    Improper Validation of Array Index

    @@ -1116,13 +502,13 @@

    CVE-2022-32221

  • Vulnerable module: - curl/libcurl3-gnutls + sqlite3/libsqlite3-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.3.11, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1134,11 +520,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 - git@1:2.34.1-1ubuntu1.4 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + sqlite3/libsqlite3-0@3.37.2-2 @@ -1150,18 +536,25 @@

      Detailed paths


      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

      Remediation

      -

      Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References


    @@ -1187,7 +580,7 @@

    Time-of-check Time-of-use (TOCTOU)

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and shadow/passwd@1:4.8.1-2ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.3.11 and shadow/passwd@1:4.8.1-2ubuntu2
  • @@ -1200,7 +593,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 shadow/passwd@1:4.8.1-2ubuntu2 @@ -1209,7 +602,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 adduser@3.118ubuntu5 @@ -1220,7 +613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 openssh/openssh-client@1:8.9p1-3 @@ -1231,7 +624,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 shadow/login@1:4.8.1-2ubuntu2 @@ -1256,6 +649,7 @@

      References

    • MLIST
    • RedHat Bugzilla Bug
    • RedHat CVE Database
    • +
    • GENTOO

    @@ -1287,7 +681,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.3.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
  • @@ -1300,7 +694,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1309,7 +703,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 grep@3.7-1build1 @@ -1368,7 +762,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.3.11 and patch@2.7.6-7build2
    @@ -1381,7 +775,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 patch@2.7.6-7build2 @@ -1434,7 +828,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.3.11 and patch@2.7.6-7build2
    @@ -1447,7 +841,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 patch@2.7.6-7build2 @@ -1482,178 +876,6 @@

      References

      More about this vulnerability

    -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssl/libssl3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.3.10 and openssl/libssl3@3.0.2-0ubuntu1.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - openssh/openssh-client@1:8.9p1-3 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - pam/libpam-modules@1.4.0-11ubuntu2 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2 - - krb5/libkrb5-3@1.19.2-2 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssl package.

    -

    OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - - -

    CVE-2021-41617

    @@ -1677,7 +899,7 @@

    CVE-2021-41617

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.3.11 and openssh/openssh-client@1:8.9p1-3
  • @@ -1690,7 +912,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 openssh/openssh-client@1:8.9p1-3 @@ -1753,7 +975,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.3.11 and openssh/openssh-client@1:8.9p1-3
    @@ -1766,7 +988,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 openssh/openssh-client@1:8.9p1-3 @@ -1826,7 +1048,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.3.11 and ncurses/libtinfo6@6.3-2
    @@ -1839,7 +1061,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/libtinfo6@6.3-2 @@ -1848,7 +1070,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 bash@5.1-6ubuntu1 @@ -1859,7 +1081,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/libncursesw6@6.3-2 @@ -1870,7 +1092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 less@590-1build1 @@ -1881,7 +1103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 libedit/libedit2@3.1-20210910-1build1 @@ -1892,7 +1114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/libncurses6@6.3-2 @@ -1903,7 +1125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/ncurses-bin@6.3-2 @@ -1914,7 +1136,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 procps@2:3.3.17-6ubuntu2 @@ -1925,7 +1147,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 util-linux@2.37.2-4ubuntu3 @@ -1936,7 +1158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1951,7 +1173,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1966,7 +1188,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/libncursesw6@6.3-2 @@ -1975,7 +1197,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 procps@2:3.3.17-6ubuntu2 @@ -1986,7 +1208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2001,7 +1223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/libncurses6@6.3-2 @@ -2010,7 +1232,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 procps@2:3.3.17-6ubuntu2 @@ -2021,7 +1243,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/ncurses-base@6.3-2 @@ -2030,7 +1252,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 ncurses/ncurses-bin@6.3-2 @@ -2054,6 +1276,8 @@

      References

    • MISC
    • MISC
    • CONFIRM
    • +
    • MLIST
    • +
    • FULLDISC

    @@ -2085,7 +1309,7 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.3.11 and krb5/libk5crypto3@1.19.2-2
  • @@ -2098,7 +1322,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 krb5/libk5crypto3@1.19.2-2 @@ -2107,7 +1331,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 adduser@3.118ubuntu5 @@ -2128,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 adduser@3.118ubuntu5 @@ -2151,7 +1375,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 krb5/libkrb5-3@1.19.2-2 @@ -2160,7 +1384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 adduser@3.118ubuntu5 @@ -2181,7 +1405,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2190,7 +1414,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 openssh/openssh-client@1:8.9p1-3 @@ -2201,11 +1425,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2214,11 +1438,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 libssh/libssh-4@0.9.6-2build1 @@ -2229,7 +1453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 adduser@3.118ubuntu5 @@ -2248,7 +1472,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 meta-common-packages@meta @@ -2306,7 +1530,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.3.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2319,7 +1543,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2328,7 +1552,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 apt@2.4.8 @@ -2339,7 +1563,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2350,7 +1574,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2361,7 +1585,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2372,7 +1596,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2385,7 +1609,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2398,7 +1622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2407,7 +1631,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2418,7 +1642,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2431,7 +1655,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2440,7 +1664,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2451,7 +1675,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2460,7 +1684,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2471,7 +1695,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2480,7 +1704,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2491,7 +1715,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2504,7 +1728,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2517,7 +1741,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2526,7 +1750,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2537,7 +1761,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2550,7 +1774,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2563,7 +1787,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2572,7 +1796,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2583,7 +1807,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2592,7 +1816,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2603,7 +1827,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2612,7 +1836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2623,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2674,7 +1898,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.3.11 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2687,7 +1911,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2696,7 +1920,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 meta-common-packages@meta @@ -2754,7 +1978,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2766,31 +1990,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - git/git-man@1:2.34.1-1ubuntu1.4 + git/git-man@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 git-lfs@3.0.2-1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 @@ -2842,7 +2066,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.3.11 and coreutils@8.32-4.1ubuntu1
    @@ -2855,7 +2079,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.10 + docker-image|quay.io/argoproj/argocd@v2.3.11 coreutils@8.32-4.1ubuntu1 diff --git a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html similarity index 99% rename from docs/snyk/v2.2.15/redis_6.2.7-alpine.html rename to docs/snyk/v2.3.11/redis_6.2.7-alpine.html index e2c4c7b47e9bd..bbb2aa62c33da 100644 --- a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:29:23 am

      +

      November 2nd 2022, 12:53:31 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.4.15/argocd-iac-install.html b/docs/snyk/v2.4.16/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.4.15/argocd-iac-install.html
rename to docs/snyk/v2.4.16/argocd-iac-install.html
index 2e8f85e06abbb..cd4e6b81468f5 100644
--- a/docs/snyk/v2.4.15/argocd-iac-install.html
+++ b/docs/snyk/v2.4.16/argocd-iac-install.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:25:04 am

      +

      November 2nd 2022, 12:52:20 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html b/docs/snyk/v2.4.16/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.4.15/argocd-iac-namespace-install.html
rename to docs/snyk/v2.4.16/argocd-iac-namespace-install.html
index d1be6fe914228..803d15719077b 100644
--- a/docs/snyk/v2.4.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.4.16/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:25:13 am

      +

      November 2nd 2022, 12:52:28 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.4.15/argocd-test.html b/docs/snyk/v2.4.16/argocd-test.html
similarity index 99%
rename from docs/snyk/v2.4.15/argocd-test.html
rename to docs/snyk/v2.4.16/argocd-test.html
index a57aed508e911..a528b50bb9deb 100644
--- a/docs/snyk/v2.4.15/argocd-test.html
+++ b/docs/snyk/v2.4.16/argocd-test.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:23:29 am

      +

      November 2nd 2022, 12:50:53 pm

      Scanned the following paths:
diff --git a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html
similarity index 99%
rename from docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html
rename to docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html
index 668882f2fbd72..379ce74d44bc8 100644
--- a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:21:29 am

      +

      November 2nd 2022, 12:50:59 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html
similarity index 99%
rename from docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html
rename to docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html
index b3252400d89d1..0c23ea585178e 100644
--- a/docs/snyk/v2.4.15/haproxy_2.0.29-alpine.html
+++ b/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:23:42 am

      +

      November 2nd 2022, 12:51:06 pm

      Scanned the following path: diff --git a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html b/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html similarity index 68% rename from docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html rename to docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html index 8381f2c87b862..a9e26d1130e9a 100644 --- a/docs/snyk/v2.4.15/quay.io_argoproj_argocd_v2.4.15.html +++ b/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

      Snyk test report

      -

      October 30th 2022, 12:24:01 am

      +

      November 2nd 2022, 12:51:26 pm

      Scanned the following path:
        -
      • quay.io/argoproj/argocd:v2.4.15/argoproj/argocd (deb)
      • +
      • quay.io/argoproj/argocd:v2.4.16/argoproj/argocd (deb)
      -
      21 known vulnerabilities
      -
      102 vulnerable dependency paths
      +
      13 known vulnerabilities
      +
      75 vulnerable dependency paths
      162 dependencies
      @@ -477,7 +477,7 @@

      Snyk test report

    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.3.10/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.3.11/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    - + @@ -485,622 +485,8 @@

    Snyk test report

    -
    -

    CVE-2022-3515

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libksba/libksba8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.15 and libksba/libksba8@1.6.0-2build1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Verification of Cryptographic Signature

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream perl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    CPAN 2.28 allows Signature Verification Bypass.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Link Following

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream curl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42915

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -

    CVE-2022-32221

    +

    Improper Validation of Array Index

    @@ -1116,13 +502,13 @@

    CVE-2022-32221

  • Vulnerable module: - curl/libcurl3-gnutls + sqlite3/libsqlite3-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.4.16, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1134,11 +520,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 - git@1:2.34.1-1ubuntu1.4 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + sqlite3/libsqlite3-0@3.37.2-2 @@ -1150,18 +536,25 @@

      Detailed paths


      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

      Remediation

      -

      Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References


    @@ -1187,7 +580,7 @@

    Time-of-check Time-of-use (TOCTOU)

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and shadow/passwd@1:4.8.1-2ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.4.16 and shadow/passwd@1:4.8.1-2ubuntu2
  • @@ -1200,7 +593,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 shadow/passwd@1:4.8.1-2ubuntu2 @@ -1209,7 +602,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 adduser@3.118ubuntu5 @@ -1220,7 +613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 openssh/openssh-client@1:8.9p1-3 @@ -1231,7 +624,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 shadow/login@1:4.8.1-2ubuntu2 @@ -1256,6 +649,7 @@

      References

    • MLIST
    • RedHat Bugzilla Bug
    • RedHat CVE Database
    • +
    • GENTOO

    @@ -1287,7 +681,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.4.16 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
  • @@ -1300,7 +694,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1309,7 +703,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 grep@3.7-1build1 @@ -1368,7 +762,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.4.16 and patch@2.7.6-7build2
    @@ -1381,7 +775,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 patch@2.7.6-7build2 @@ -1434,7 +828,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.4.16 and patch@2.7.6-7build2
    @@ -1447,7 +841,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 patch@2.7.6-7build2 @@ -1482,178 +876,6 @@

      References

      More about this vulnerability

    -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssl/libssl3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.15 and openssl/libssl3@3.0.2-0ubuntu1.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - openssh/openssh-client@1:8.9p1-3 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - pam/libpam-modules@1.4.0-11ubuntu2 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2 - - krb5/libkrb5-3@1.19.2-2 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssl package.

    -

    OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - - -

    CVE-2021-41617

    @@ -1677,7 +899,7 @@

    CVE-2021-41617

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.4.16 and openssh/openssh-client@1:8.9p1-3
  • @@ -1690,7 +912,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 openssh/openssh-client@1:8.9p1-3 @@ -1753,7 +975,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.4.16 and openssh/openssh-client@1:8.9p1-3
    @@ -1766,7 +988,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 openssh/openssh-client@1:8.9p1-3 @@ -1826,7 +1048,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.4.16 and ncurses/libtinfo6@6.3-2
    @@ -1839,7 +1061,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/libtinfo6@6.3-2 @@ -1848,7 +1070,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 bash@5.1-6ubuntu1 @@ -1859,7 +1081,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/libncursesw6@6.3-2 @@ -1870,7 +1092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 less@590-1build1 @@ -1881,7 +1103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 libedit/libedit2@3.1-20210910-1build1 @@ -1892,7 +1114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/libncurses6@6.3-2 @@ -1903,7 +1125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/ncurses-bin@6.3-2 @@ -1914,7 +1136,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 procps@2:3.3.17-6ubuntu2 @@ -1925,7 +1147,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 util-linux@2.37.2-4ubuntu3 @@ -1936,7 +1158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1951,7 +1173,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1966,7 +1188,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/libncursesw6@6.3-2 @@ -1975,7 +1197,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 procps@2:3.3.17-6ubuntu2 @@ -1986,7 +1208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2001,7 +1223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/libncurses6@6.3-2 @@ -2010,7 +1232,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 procps@2:3.3.17-6ubuntu2 @@ -2021,7 +1243,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/ncurses-base@6.3-2 @@ -2030,7 +1252,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 ncurses/ncurses-bin@6.3-2 @@ -2054,6 +1276,8 @@

      References

    • MISC
    • MISC
    • CONFIRM
    • +
    • MLIST
    • +
    • FULLDISC

    @@ -2085,7 +1309,7 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.4.16 and krb5/libk5crypto3@1.19.2-2
  • @@ -2098,7 +1322,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 krb5/libk5crypto3@1.19.2-2 @@ -2107,7 +1331,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 adduser@3.118ubuntu5 @@ -2128,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 adduser@3.118ubuntu5 @@ -2151,7 +1375,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 krb5/libkrb5-3@1.19.2-2 @@ -2160,7 +1384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 adduser@3.118ubuntu5 @@ -2181,7 +1405,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2190,7 +1414,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 openssh/openssh-client@1:8.9p1-3 @@ -2201,11 +1425,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2214,11 +1438,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 libssh/libssh-4@0.9.6-2build1 @@ -2229,7 +1453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 adduser@3.118ubuntu5 @@ -2248,7 +1472,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 meta-common-packages@meta @@ -2306,7 +1530,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.4.16 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2319,7 +1543,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2328,7 +1552,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 apt@2.4.8 @@ -2339,7 +1563,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2350,7 +1574,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2361,7 +1585,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2372,7 +1596,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2385,7 +1609,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2398,7 +1622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2407,7 +1631,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2418,7 +1642,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2431,7 +1655,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2440,7 +1664,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2451,7 +1675,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2460,7 +1684,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2471,7 +1695,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2480,7 +1704,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2491,7 +1715,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2504,7 +1728,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2517,7 +1741,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2526,7 +1750,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2537,7 +1761,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2550,7 +1774,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2563,7 +1787,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2572,7 +1796,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2583,7 +1807,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2592,7 +1816,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2603,7 +1827,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2612,7 +1836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2623,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2674,7 +1898,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.4.16 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2687,7 +1911,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2696,7 +1920,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 meta-common-packages@meta @@ -2754,7 +1978,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.4.16, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2766,31 +1990,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - git/git-man@1:2.34.1-1ubuntu1.4 + git/git-man@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 git-lfs@3.0.2-1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 @@ -2842,7 +2066,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.16 and coreutils@8.32-4.1ubuntu1
    @@ -2855,7 +2079,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.15 + docker-image|quay.io/argoproj/argocd@v2.4.16 coreutils@8.32-4.1ubuntu1 diff --git a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html b/docs/snyk/v2.4.16/redis_7.0.4-alpine.html similarity index 99% rename from docs/snyk/v2.4.15/redis_7.0.4-alpine.html rename to docs/snyk/v2.4.16/redis_7.0.4-alpine.html index ad1c5cd591c69..cdc07d3b5ec4d 100644 --- a/docs/snyk/v2.4.15/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.16/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:24:06 am

      +

      November 2nd 2022, 12:51:32 pm

      Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html b/docs/snyk/v2.5.1/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.5.0-rc3/argocd-iac-install.html rename to docs/snyk/v2.5.1/argocd-iac-install.html index d29cae2a9240c..6128687cfff2e 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html +++ b/docs/snyk/v2.5.1/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:22:59 am

      +

      November 2nd 2022, 12:50:27 pm

      Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v2.5.1/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.1/argocd-iac-namespace-install.html index 78a3f0349a1ec..9a02ac042678b 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.1/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:23:10 am

      +

      November 2nd 2022, 12:50:35 pm

      Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/argocd-test.html b/docs/snyk/v2.5.1/argocd-test.html similarity index 99% rename from docs/snyk/v2.5.0-rc3/argocd-test.html rename to docs/snyk/v2.5.1/argocd-test.html index 1a400217f9556..e79d58a27efa5 100644 --- a/docs/snyk/v2.5.0-rc3/argocd-test.html +++ b/docs/snyk/v2.5.1/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:21:25 am

      +

      November 2nd 2022, 12:49:09 pm

      Scanned the following paths: diff --git a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html similarity index 99% rename from docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html rename to docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html index a8415413a91a1..cfdb189ab5b63 100644 --- a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:25:32 am

      +

      November 2nd 2022, 12:49:13 pm

      Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html similarity index 99% rename from docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html rename to docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html index c190ae25c2367..8a58b5bf6f025 100644 --- a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:21:31 am

      +

      November 2nd 2022, 12:49:15 pm

      Scanned the following path: diff --git a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html b/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html similarity index 65% rename from docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html rename to docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html index 4133c1c06558c..0a2e402b354e5 100644 --- a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html +++ b/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

      Snyk test report

      -

      October 30th 2022, 12:21:55 am

      +

      November 2nd 2022, 12:49:32 pm

      Scanned the following path:
        -
      • quay.io/argoproj/argocd:v2.5.0-rc3/argoproj/argocd (deb)
      • +
      • quay.io/argoproj/argocd:v2.5.1/argoproj/argocd (deb)
      -
      22 known vulnerabilities
      -
      103 vulnerable dependency paths
      +
      13 known vulnerabilities
      +
      75 vulnerable dependency paths
      162 dependencies
      @@ -477,7 +477,7 @@

      Snyk test report

    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.4.15/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.4.16/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    - + @@ -485,711 +485,8 @@

    Snyk test report

    -
    -

    CVE-2022-3515

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - libksba/libksba8 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and libksba/libksba8@1.6.0-2build1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libksba/libksba8@1.6.0-2build1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 libksba to version 1.6.0-2ubuntu0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - zlib/zlib1g -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - meta-common-packages@meta - - zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream zlib package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 zlib to version 1:1.2.11.dfsg-2ubuntu9.2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Verification of Cryptographic Signature

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - perl/libperl5.34@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - perl@5.34.0-3ubuntu1 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream perl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    CPAN 2.28 allows Signature Verification Bypass.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Link Following

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - git/git-man -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - git/git-man@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git-lfs@3.0.2-1 - - git@1:2.34.1-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream git package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 git to version 1:2.34.1-1ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream curl package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-42915

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

    -

    References

    - - -
    - - - -
    -

    CVE-2022-32221

    +

    Improper Validation of Array Index

    @@ -1205,13 +502,13 @@

    CVE-2022-32221

  • Vulnerable module: - curl/libcurl3-gnutls + sqlite3/libsqlite3-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.5.1, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
  • @@ -1223,11 +520,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 - git@1:2.34.1-1ubuntu1.4 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + sqlite3/libsqlite3-0@3.37.2-2 @@ -1239,18 +536,25 @@

      Detailed paths


      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

      Remediation

      -

      Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References


    @@ -1276,7 +580,7 @@

    Time-of-check Time-of-use (TOCTOU)

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and shadow/passwd@1:4.8.1-2ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.5.1 and shadow/passwd@1:4.8.1-2ubuntu2
  • @@ -1289,7 +593,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 shadow/passwd@1:4.8.1-2ubuntu2 @@ -1298,7 +602,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 adduser@3.118ubuntu5 @@ -1309,7 +613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 openssh/openssh-client@1:8.9p1-3 @@ -1320,7 +624,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 shadow/login@1:4.8.1-2ubuntu2 @@ -1345,6 +649,7 @@

      References

    • MLIST
    • RedHat Bugzilla Bug
    • RedHat CVE Database
    • +
    • GENTOO

    @@ -1376,7 +681,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.1 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
  • @@ -1389,7 +694,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1398,7 +703,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 grep@3.7-1build1 @@ -1457,7 +762,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.1 and patch@2.7.6-7build2
    @@ -1470,7 +775,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 patch@2.7.6-7build2 @@ -1523,7 +828,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.1 and patch@2.7.6-7build2
    @@ -1536,7 +841,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 patch@2.7.6-7build2 @@ -1571,178 +876,6 @@

      References

      More about this vulnerability

    -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - openssl/libssl3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and openssl/libssl3@3.0.2-0ubuntu1.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - openssh/openssh-client@1:8.9p1-3 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - git@1:2.34.1-1ubuntu1.4 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - pam/libpam-modules@1.4.0-11ubuntu2 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2 - - krb5/libkrb5-3@1.19.2-2 - - openssl/libssl3@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 - - ca-certificates@20211016 - - openssl@3.0.2-0ubuntu1.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream openssl package.

    -

    OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - - -

    CVE-2021-41617

    @@ -1766,7 +899,7 @@

    CVE-2021-41617

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.1 and openssh/openssh-client@1:8.9p1-3
  • @@ -1779,7 +912,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 openssh/openssh-client@1:8.9p1-3 @@ -1842,7 +975,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.1 and openssh/openssh-client@1:8.9p1-3
    @@ -1855,7 +988,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 openssh/openssh-client@1:8.9p1-3 @@ -1915,7 +1048,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.1 and ncurses/libtinfo6@6.3-2
    @@ -1928,7 +1061,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/libtinfo6@6.3-2 @@ -1937,7 +1070,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 bash@5.1-6ubuntu1 @@ -1948,7 +1081,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/libncursesw6@6.3-2 @@ -1959,7 +1092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 less@590-1build1 @@ -1970,7 +1103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 libedit/libedit2@3.1-20210910-1build1 @@ -1981,7 +1114,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/libncurses6@6.3-2 @@ -1992,7 +1125,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/ncurses-bin@6.3-2 @@ -2003,7 +1136,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 procps@2:3.3.17-6ubuntu2 @@ -2014,7 +1147,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 util-linux@2.37.2-4ubuntu3 @@ -2025,7 +1158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2040,7 +1173,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2055,7 +1188,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/libncursesw6@6.3-2 @@ -2064,7 +1197,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 procps@2:3.3.17-6ubuntu2 @@ -2075,7 +1208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2090,7 +1223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/libncurses6@6.3-2 @@ -2099,7 +1232,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 procps@2:3.3.17-6ubuntu2 @@ -2110,7 +1243,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/ncurses-base@6.3-2 @@ -2119,7 +1252,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 ncurses/ncurses-bin@6.3-2 @@ -2143,6 +1276,8 @@

      References

    • MISC
    • MISC
    • CONFIRM
    • +
    • MLIST
    • +
    • FULLDISC

    @@ -2174,7 +1309,7 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.5.1 and krb5/libk5crypto3@1.19.2-2
  • @@ -2187,7 +1322,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 krb5/libk5crypto3@1.19.2-2 @@ -2196,7 +1331,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 adduser@3.118ubuntu5 @@ -2217,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 adduser@3.118ubuntu5 @@ -2240,7 +1375,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 krb5/libkrb5-3@1.19.2-2 @@ -2249,7 +1384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 adduser@3.118ubuntu5 @@ -2270,7 +1405,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2279,7 +1414,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 openssh/openssh-client@1:8.9p1-3 @@ -2290,11 +1425,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 krb5/libgssapi-krb5-2@1.19.2-2 @@ -2303,11 +1438,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.4 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 libssh/libssh-4@0.9.6-2build1 @@ -2318,7 +1453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 adduser@3.118ubuntu5 @@ -2337,7 +1472,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 meta-common-packages@meta @@ -2395,7 +1530,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.1 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2408,7 +1543,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2417,7 +1552,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 apt@2.4.8 @@ -2428,7 +1563,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2439,7 +1574,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2450,7 +1585,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2461,7 +1596,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2474,7 +1609,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2487,7 +1622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2496,7 +1631,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2507,7 +1642,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2520,7 +1655,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2529,7 +1664,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2540,7 +1675,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2549,7 +1684,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2560,7 +1695,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2569,7 +1704,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2580,7 +1715,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2593,7 +1728,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2606,7 +1741,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2615,7 +1750,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2626,7 +1761,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2639,7 +1774,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2652,7 +1787,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2661,7 +1796,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2672,7 +1807,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2681,7 +1816,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2692,7 +1827,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2701,7 +1836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2712,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2763,7 +1898,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.1 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2776,7 +1911,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2785,7 +1920,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 meta-common-packages@meta @@ -2843,7 +1978,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3, git@1:2.34.1-1ubuntu1.4 and others + docker-image|quay.io/argoproj/argocd@v2.5.1, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2855,31 +1990,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 - git/git-man@1:2.34.1-1ubuntu1.4 + git/git-man@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 git-lfs@3.0.2-1 - git@1:2.34.1-1ubuntu1.4 + git@1:2.34.1-1ubuntu1.5 @@ -2931,7 +2066,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.1 and coreutils@8.32-4.1ubuntu1
    @@ -2944,7 +2079,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.0-rc3 + docker-image|quay.io/argoproj/argocd@v2.5.1 coreutils@8.32-4.1ubuntu1 diff --git a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html b/docs/snyk/v2.5.1/redis_7.0.5-alpine.html similarity index 99% rename from docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html rename to docs/snyk/v2.5.1/redis_7.0.5-alpine.html index c5a3ff76bea79..0da064e1918e1 100644 --- a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.1/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      October 30th 2022, 12:21:58 am

      +

      November 2nd 2022, 12:49:35 pm

      Scanned the following path: From 9dc60cb656cc78657bd8693eafc6a218edb115d1 Mon Sep 17 00:00:00 2001 From: Zach Aller Date: Thu, 3 Nov 2022 13:54:01 -0500 Subject: [PATCH 016/304] chore: update owners file from membership meeting (#11184) Signed-off-by: zachaller Signed-off-by: zachaller Signed-off-by: emirot --- OWNERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/OWNERS b/OWNERS index 235b7e3a9f696..2dc34bf6fc359 100644 --- a/OWNERS +++ b/OWNERS @@ -27,3 +27,5 @@ reviewers: - wanghong230 - ciiay - saumeya +- zachaller +- 34fathombelow From 1ddada1e2e59603c37cbac81db33640a30100587 Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Thu, 3 Nov 2022 12:00:48 -0700 Subject: [PATCH 017/304] fix: upgrade redis-ha chart to 4.22.3, redis regression (#11176) * chore: upgrade redis-ha chart to 4.22.3, redis regression Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * fix manifest Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * fix missing cidr Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * fix typo Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * fix typo Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- .../redis/argocd-redis-network-policy.yaml | 3 +- manifests/core-install.yaml | 3 +- .../argocd-redis-ha-proxy-network-policy.yaml | 3 +- ...argocd-redis-ha-server-network-policy.yaml | 3 +- .../ha/base/redis-ha/chart/requirements.lock | 6 +- .../ha/base/redis-ha/chart/requirements.yaml | 2 +- .../ha/base/redis-ha/chart/upstream.yaml | 85 ++++++++++--------- manifests/ha/base/redis-ha/chart/values.yaml | 5 +- ...tatefulset-containers-securityContext.yaml | 9 ++ manifests/ha/install.yaml | 50 +++++------ manifests/ha/namespace-install.yaml | 50 +++++------ manifests/install.yaml | 3 +- manifests/namespace-install.yaml | 3 +- 13 files changed, 124 insertions(+), 101 deletions(-) 
diff --git a/manifests/base/redis/argocd-redis-network-policy.yaml b/manifests/base/redis/argocd-redis-network-policy.yaml index 261d27fc9acf0..a0f29d973a247 100644 --- a/manifests/base/redis/argocd-redis-network-policy.yaml +++ b/manifests/base/redis/argocd-redis-network-policy.yaml @@ -25,7 +25,8 @@ spec: port: 6379 egress: - to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ports: - port: 53 protocol: UDP diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index bbd8f3cc3a932..959582d68c4b2 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -10301,7 +10301,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml index 168bfc3278317..bf21d91f3060a 100644 --- a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml +++ b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml @@ -36,7 +36,8 @@ spec: - port: 26379 protocol: TCP - to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ports: - port: 53 protocol: UDP diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-server-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-server-network-policy.yaml index 0e8add7895424..04c5ddd94f6d0 100644 --- a/manifests/ha/base/redis-ha/argocd-redis-ha-server-network-policy.yaml +++ b/manifests/ha/base/redis-ha/argocd-redis-ha-server-network-policy.yaml @@ -33,7 +33,8 @@ spec: - port: 26379 protocol: TCP - to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ports: - port: 53 protocol: UDP diff --git a/manifests/ha/base/redis-ha/chart/requirements.lock b/manifests/ha/base/redis-ha/chart/requirements.lock index 177f7486a0d87..9e5e9273942da 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.lock 
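Review bot: The DNS egress rule in `argocd-redis-network-policy.yaml` now allows port 53 to `ipBlock: cidr: 0.0.0.0/0`, which is wider than the `namespaceSelector: {}` it replaces: the Redis pods may send UDP/TCP 53 to any IPv4 address, in-cluster or external, instead of only to pods. If the reason is that the cluster resolver is not always a pod IP (inferred; the commit message does not say), a comment on the rule such as `# ipBlock, not namespaceSelector: the DNS endpoint may not be a pod; narrow the CIDR if your resolver address is known` would record the trade-off for operators. The rule has no `::/0` entry, so DNS over IPv6 would presumably not match it on IPv6 or dual-stack clusters. The same rule is changed in `argocd-redis-ha-proxy-network-policy.yaml` and `argocd-redis-ha-server-network-policy.yaml`, and carried into the generated install manifests.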
+++ b/manifests/ha/base/redis-ha/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts - version: 4.17.8 -digest: sha256:24b66a7cd8e6ec23502173bd643bfaa66cf0d062df0361370226754e0cedda12 -generated: "2022-08-12T00:12:34.042365707-07:00" + version: 4.22.3 +digest: sha256:ae773caf65b172bdd2216072c03ba76ef3c0383dbd1e2478934a67b9455f6a2e +generated: "2022-11-02T16:57:25.047025473-07:00" diff --git a/manifests/ha/base/redis-ha/chart/requirements.yaml b/manifests/ha/base/redis-ha/chart/requirements.yaml index 50117942dbf73..bdcde75a60727 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.yaml +++ b/manifests/ha/base/redis-ha/chart/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: redis-ha - version: 4.17.8 + version: 4.22.3 repository: https://dandydeveloper.github.io/charts diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index 586b83427a555..918bba8a78d77 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -9,7 +9,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 app: argocd-redis-ha --- # Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml @@ -21,7 +21,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 app: argocd-redis-ha --- # Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml @@ -33,7 +33,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 app: argocd-redis-ha data: redis.conf: | @@ -41,7 +41,6 @@ data: port 6379 rename-command FLUSHDB "" rename-command FLUSHALL "" - bind 0.0.0.0 maxmemory 0 maxmemory-policy volatile-lru min-replicas-max-lag 5 
@@ -54,7 +53,6 @@ data: sentinel.conf: | dir "/data" port 26379 - bind 0.0.0.0 sentinel down-after-milliseconds argocd 10000 sentinel failover-timeout argocd 180000 maxclients 10000 @@ -176,11 +174,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -277,11 +275,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } @@ -443,11 +437,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -544,11 +538,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } 
@@ -593,18 +583,24 @@ data: identify_announce_ip + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + while true; do sleep 60 # where is redis master identify_master - if [ "$MASTER" == "$ANNOUNCE_IP" ]; then + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then redis_role if [ "$ROLE" != "master" ]; then reinit fi - else + elif [ "${MASTER}" ]; then identify_redis_master if [ "$REDIS_MASTER" != "$MASTER" ]; then reinit @@ -622,7 +618,7 @@ data: timeout check 2s listen health_check_http_url - bind [::]:8888 v4v6 + bind [::]:8888 v4v6 mode http monitor-uri /healthz option dontlognull @@ -636,7 +632,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE0 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -650,7 +645,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE1 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -664,7 +658,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE2 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -764,7 +757,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 app: argocd-redis-ha data: redis_liveness.sh: | 
@@ -814,7 +807,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 rules: - apiGroups: - "" @@ -833,7 +826,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 component: argocd-redis-ha-haproxy rules: - apiGroups: @@ -853,7 +846,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 subjects: - kind: ServiceAccount name: argocd-redis-ha @@ -872,7 +865,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 component: argocd-redis-ha-haproxy subjects: - kind: ServiceAccount @@ -892,7 +885,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: @@ -922,7 +915,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: @@ -952,7 +945,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: @@ -982,7 +975,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 annotations: spec: type: ClusterIP @@ -1010,7 +1003,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 component: argocd-redis-ha-haproxy annotations: spec: @@ -1034,7 +1027,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 spec: strategy: type: RollingUpdate 
@@ -1052,11 +1045,15 @@ spec: release: argocd revision: "1" annotations: - checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c + checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35 spec: # Needed when using unmodified rbac-setup.yml serviceAccountName: argocd-redis-ha-haproxy + securityContext: + fsGroup: 99 + runAsNonRoot: true + runAsUser: 99 nodeSelector: {} tolerations: @@ -1080,20 +1077,20 @@ spec: - sh args: - /readonly/haproxy_init.sh + securityContext: + null volumeMounts: - name: config-volume mountPath: /readonly readOnly: true - name: data mountPath: /data - securityContext: - fsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 containers: - name: haproxy image: haproxy:2.6.2-alpine imagePullPolicy: IfNotPresent + securityContext: + null livenessProbe: httpGet: path: /healthz @@ -1140,7 +1137,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.17.8 + chart: redis-ha-4.22.3 annotations: {} spec: @@ -1156,7 +1153,7 @@ spec: template: metadata: annotations: - checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05 + checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe labels: release: argocd app: redis-ha @@ -1172,7 +1169,7 @@ spec: release: argocd argocd-redis-ha: replica topologyKey: kubernetes.io/hostname - securityContext: + securityContext: fsGroup: 1000 runAsNonRoot: true runAsUser: 1000 @@ -1188,6 +1185,8 @@ spec: - sh args: - /readonly-config/init.sh + securityContext: + null env: - name: SENTINEL_ID_0 value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 @@ -1211,6 +1210,8 @@ spec: - redis-server args: - /data/conf/redis.conf + securityContext: + null livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1259,6 +1260,8 @@ spec: - redis-sentinel args: - /data/conf/sentinel.conf + securityContext: + null livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 
@@ -1301,6 +1304,8 @@ spec: - sh args: - /readonly-config/fix-split-brain.sh + securityContext: + null env: - name: SENTINEL_ID_0 value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index 25a6c855f2847..ca2e7295e00d7 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -5,16 +5,15 @@ redis-ha: masterGroupName: argocd config: save: "\"\"" - bind: "0.0.0.0" haproxy: enabled: true image: tag: 2.6.2-alpine + containerSecurityContext: null timeout: server: 6m client: 6m checkInterval: 3s image: tag: 7.0.5-alpine - sentinel: - bind: "0.0.0.0" + containerSecurityContext: null diff --git a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml index 3152797d2b8af..386b219575eb7 100644 --- a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml +++ b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml @@ -25,3 +25,12 @@ - ALL seccompProfile: type: RuntimeDefault +- op: add + path: /spec/template/spec/containers/2/securityContext + value: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index d22dd2eb073b8..1cdac6f264cd2 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml 
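Review bot: Dropping `bind: "0.0.0.0"` from `values.yaml` (for both `config` and `sentinel`) does not narrow the listener: with no `bind` directive in the rendered `redis.conf` and `sentinel.conf`, Redis 7 listens on all interfaces, IPv4 and IPv6. Access to ports 6379 and 26379 therefore still rests on the NetworkPolicies and whatever authentication is configured elsewhere. A short comment in `values.yaml`, for example `# no bind: listen on all interfaces (IPv4 and IPv6); access is restricted by NetworkPolicy`, would keep a later reader from assuming the removal was a restriction.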
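Review bot: The patch added at `/spec/template/spec/containers/2/securityContext` in `statefulset-containers-securityContext.yaml` is index-based, and `values.yaml` now sets `containerSecurityContext: null`, so the chart renders `securityContext: null` for every container and the hardening comes only from these overlay entries. A container added by a later chart upgrade would get no `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]` or `seccompProfile`, and nothing would flag it. A comment at the top of the overlay, such as `# one entry per container index; chart sets containerSecurityContext: null, so add an entry whenever the chart adds a container`, would make that dependency explicit. Whether the haproxy Deployment containers and the init containers are covered by an equivalent overlay is not visible in this hunk and is worth confirming.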
@@ -9911,11 +9911,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -10012,11 +10012,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } @@ -10061,18 +10057,24 @@ data: identify_announce_ip + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + while true; do sleep 60 # where is redis master identify_master - if [ "$MASTER" == "$ANNOUNCE_IP" ]; then + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then redis_role if [ "$ROLE" != "master" ]; then reinit fi - else + elif [ "${MASTER}" ]; then identify_redis_master if [ "$REDIS_MASTER" != "$MASTER" ]; then reinit @@ -10088,7 +10090,7 @@ data: timeout check 2s listen health_check_http_url - bind [::]:8888 v4v6 + bind [::]:8888 v4v6 mode http monitor-uri /healthz option dontlognull @@ -10102,7 +10104,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE0 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s 
@@ -10116,7 +10117,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE1 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -10130,7 +10130,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE2 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -10306,11 +10305,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -10407,11 +10406,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } @@ -10459,7 +10454,6 @@ data: port 6379 rename-command FLUSHDB "" rename-command FLUSHALL "" - bind 0.0.0.0 maxmemory 0 maxmemory-policy volatile-lru min-replicas-max-lag 5 @@ -10471,7 +10465,6 @@ data: sentinel.conf: | dir "/data" port 26379 - bind 0.0.0.0 sentinel down-after-milliseconds argocd 10000 sentinel failover-timeout argocd 180000 maxclients 10000 
@@ -11159,7 +11152,7 @@ spec: template: metadata: annotations: - checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c + checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35 labels: app.kubernetes.io/name: argocd-redis-ha-haproxy name: argocd-redis-ha-haproxy @@ -11225,9 +11218,9 @@ spec: - mountPath: /data name: data securityContext: - fsGroup: 1000 + fsGroup: 99 runAsNonRoot: true - runAsUser: 1000 + runAsUser: 99 serviceAccountName: argocd-redis-ha-haproxy volumes: - configMap: @@ -12025,7 +12018,7 @@ spec: template: metadata: annotations: - checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05 + checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -12151,6 +12144,13 @@ spec: imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /readonly-config name: config @@ -12303,7 +12303,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: @@ -12348,7 +12349,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index ed1cf578989ab..af6e259295c21 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml 
@@ -577,11 +577,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -678,11 +678,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } @@ -727,18 +723,24 @@ data: identify_announce_ip + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + while true; do sleep 60 # where is redis master identify_master - if [ "$MASTER" == "$ANNOUNCE_IP" ]; then + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then redis_role if [ "$ROLE" != "master" ]; then reinit fi - else + elif [ "${MASTER}" ]; then identify_redis_master if [ "$REDIS_MASTER" != "$MASTER" ]; then reinit @@ -754,7 +756,7 @@ data: timeout check 2s listen health_check_http_url - bind [::]:8888 v4v6 + bind [::]:8888 v4v6 mode http monitor-uri /healthz option dontlognull @@ -768,7 +770,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE0 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s 
@@ -782,7 +783,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE1 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -796,7 +796,6 @@ data: tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE2 tcp-check send QUIT\r\n - tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s @@ -972,11 +971,11 @@ data: echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" - echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" @@ -1073,11 +1072,7 @@ data: getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" - pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") - if [ -z "${host}" ]; then - host=$(getent hosts "${pod}") - fi echo "${host}" } @@ -1125,7 +1120,6 @@ data: port 6379 rename-command FLUSHDB "" rename-command FLUSHALL "" - bind 0.0.0.0 maxmemory 0 maxmemory-policy volatile-lru min-replicas-max-lag 5 @@ -1137,7 +1131,6 @@ data: sentinel.conf: | dir "/data" port 26379 - bind 0.0.0.0 sentinel down-after-milliseconds argocd 10000 sentinel failover-timeout argocd 180000 maxclients 10000 
@@ -1825,7 +1818,7 @@ spec: template: metadata: annotations: - checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c + checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35 labels: app.kubernetes.io/name: argocd-redis-ha-haproxy name: argocd-redis-ha-haproxy @@ -1891,9 +1884,9 @@ spec: - mountPath: /data name: data securityContext: - fsGroup: 1000 + fsGroup: 99 runAsNonRoot: true - runAsUser: 1000 + runAsUser: 99 serviceAccountName: argocd-redis-ha-haproxy volumes: - configMap: @@ -2691,7 +2684,7 @@ spec: template: metadata: annotations: - checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05 + checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -2817,6 +2810,13 @@ spec: imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /readonly-config name: config @@ -2969,7 +2969,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: @@ -3014,7 +3015,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: diff --git a/manifests/install.yaml b/manifests/install.yaml index a713fb387940a..32b793b23213c 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -11118,7 +11118,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 7db9f5497cba6..232357ce81083 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml 
@@ -1784,7 +1784,8 @@ spec: - port: 53 protocol: TCP to: - - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 ingress: - from: - podSelector: From 13240799539865b82055bb021204bad833726aa7 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 3 Nov 2022 15:02:13 -0400 Subject: [PATCH 018/304] fix: handle apiGroup updates in resource-tracking (#11012) * fix: handle apiGroup updates in resource-tracking Signed-off-by: Leonardo Luz Almeida * Fix test Signed-off-by: Leonardo Luz Almeida * change the fix approach by inspecting tracking id from the config Signed-off-by: Leonardo Luz Almeida * add unit-test to validate the scenario Signed-off-by: Leonardo Luz Almeida * fix test lint Signed-off-by: Leonardo Luz Almeida * review fixes Signed-off-by: Leonardo Luz Almeida * Reword godocs for clarity Signed-off-by: Leonardo Luz Almeida Signed-off-by: Leonardo Luz Almeida Signed-off-by: emirot --- controller/state.go | 60 +++++++++++++++------- controller/state_test.go | 91 +++++++++++++++++++++++++++------- controller/sync.go | 2 +- util/argo/diff/diff.go | 2 +- util/argo/resource_tracking.go | 43 ++++++++-------- 5 files changed, 140 insertions(+), 58 deletions(-) diff --git a/controller/state.go b/controller/state.go index 3c7976e20a9ae..8cbc78d2b4274 100644 --- a/controller/state.go +++ b/controller/state.go @@ -514,7 +514,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } gvk := obj.GroupVersionKind() - isSelfReferencedObj := m.isSelfReferencedObj(liveObj, appLabelKey, trackingMethod) + isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod) resState := v1alpha1.ResourceStatus{ Namespace: obj.GetNamespace(), 
@@ -699,12 +699,13 @@ func NewAppStateManager( } // isSelfReferencedObj returns whether the given obj is managed by the application -// according to the values in the tracking annotation. It returns true when all -// of the properties in the annotation (name, namespace, group and kind) match -// the properties of the inspected object, or if the tracking method used does -// not provide the required properties for matching. -func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool { - if obj == nil { +// according to the values of the tracking id (aka app instance value) annotation. +// It returns true when all of the properties of the tracking id (app name, namespace, +// group and kind) match the properties of the live object, or if the tracking method +// used does not provide the required properties for matching. +// Reference: https://github.com/argoproj/argo-cd/issues/8683 +func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool { + if live == nil { return true } 
@@ -714,17 +715,42 @@ func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, ap return true } - // In order for us to assume obj to be managed by this application, the - // values from the annotation have to match the properties from the live - // object. Cluster scoped objects carry the app's destination namespace - // in the tracking annotation, but are unique in GVK + name combination. - appInstance := m.resourceTracking.GetAppInstance(obj, appLabelKey, trackingMethod) + // config != nil is the best-case scenario for constructing an accurate + // Tracking ID. `config` is the "desired state" (from git/helm/etc.). + // Using the desired state is important when there is an ApiGroup upgrade. + // When upgrading, the comparison must be made with the new tracking ID. + // Example: + // live resource annotation will be: + // ingress-app:extensions/Ingress:default/some-ingress + // when it should be: + // ingress-app:networking.k8s.io/Ingress:default/some-ingress + // More details in: https://github.com/argoproj/argo-cd/pull/11012 + var aiv argo.AppInstanceValue + if config != nil { + aiv = argo.UnstructuredToAppInstanceValue(config, appName, "") + return isSelfReferencedObj(live, aiv) + } + + // If config is nil then compare the live resource with the value + // of the annotation. In this case, in order to validate if obj is + // managed by this application, the values from the annotation have + // to match the properties from the live object. Cluster scoped objects + // carry the app's destination namespace in the tracking annotation, + // but are unique in GVK + name combination. 
+ appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod) if appInstance != nil { - return (obj.GetNamespace() == appInstance.Namespace || obj.GetNamespace() == "") && - obj.GetName() == appInstance.Name && - obj.GetObjectKind().GroupVersionKind().Group == appInstance.Group && - obj.GetObjectKind().GroupVersionKind().Kind == appInstance.Kind + return isSelfReferencedObj(live, *appInstance) } - return true } + +// isSelfReferencedObj returns true if the given Tracking ID (`aiv`) matches +// the given object. It returns false when the ID doesn't match. This sometimes +// happens when a tracking label or annotation gets accidentally copied to a +// different resource. +func isSelfReferencedObj(obj *unstructured.Unstructured, aiv argo.AppInstanceValue) bool { + return (obj.GetNamespace() == aiv.Namespace || obj.GetNamespace() == "") && + obj.GetName() == aiv.Name && + obj.GetObjectKind().GroupVersionKind().Group == aiv.Group && + obj.GetObjectKind().GroupVersionKind().Kind == aiv.Kind +} diff --git a/controller/state_test.go b/controller/state_test.go index 055dc2f72e007..7d577ea1cb82d 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/assert" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" 
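Review bot: In the `config != nil` branch the tracking ID is built with `argo.UnstructuredToAppInstanceValue(config, appName, "")`, so a desired manifest without `metadata.namespace` yields an empty `Namespace`. The helper's `obj.GetNamespace() == aiv.Namespace || obj.GetNamespace() == ""` then returns false for a namespaced live object. Whether targets always have their namespace defaulted before reaching this method is not visible here, so either plumb the application's destination namespace through to the third argument or state the precondition, e.g. `// config must already carry its effective namespace`. This branch also never reads the live object's tracking annotation, so with a non-nil config the result depends only on config and live sharing namespace, name, group and kind; the comment should say so, because the helper's godoc describes catching copied annotations. The method's signature and opening lines are outside this hunk.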
@@ -852,6 +853,19 @@ func TestIsLiveResourceManaged(t *testing.T) { }, }, }) + managedWrongAPIGroup := kube.MustToUnstructured(&networkingv1.Ingress{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "networking.k8s.io/v1", + Kind: "Ingress", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "some-ingress", + Namespace: "default", + Annotations: map[string]string{ + common.AnnotationKeyAppInstance: "guestbook:extensions/Ingress:default/some-ingress", + }, + }, + }) ctrl := newFakeController(&fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ 
@@ -870,30 +884,69 @@ func TestIsLiveResourceManaged(t *testing.T) { }) manager := ctrl.appStateManager.(*appStateManager) + appName := "guestbook" + + t.Run("will return true if trackingid matches the resource", func(t *testing.T) { + // given + t.Parallel() + configObj := managedObj.DeepCopy() - // Managed resource w/ annotations - assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + // then + assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) + t.Run("will return true if tracked with label", func(t *testing.T) { + // given + t.Parallel() + configObj := managedObjWithLabel.DeepCopy() - // Managed resource w/ label - assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + // then + assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + }) + t.Run("will handle if trackingId has wrong resource name and config is nil", func(t *testing.T) { + // given + t.Parallel() - // Wrong resource name - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + // then + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, 
common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) + t.Run("will handle if trackingId has wrong resource group and config is nil", func(t *testing.T) { + // given + t.Parallel() - // Wrong resource group - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + // then + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) + t.Run("will handle if trackingId has wrong kind and config is nil", func(t *testing.T) { + // given + t.Parallel() - // Wrong resource kind - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + // then + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) + t.Run("will handle if trackingId has wrong namespace and config is nil", func(t *testing.T) { + // given + t.Parallel() - // Wrong resource namespace - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel)) + // then + assert.True(t, 
manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel)) + }) + t.Run("will return true if live is nil", func(t *testing.T) { + t.Parallel() + assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) - // Nil resource - assert.True(t, manager.isSelfReferencedObj(nil, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + t.Run("will handle upgrade in desired state APIGroup", func(t *testing.T) { + // given + t.Parallel() + config := managedWrongAPIGroup.DeepCopy() + delete(config.GetAnnotations(), common.AnnotationKeyAppInstance) + + // then + assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + }) } diff --git a/controller/sync.go b/controller/sync.go index 7c7cd1108c4a6..5f597495cee0a 100644 --- a/controller/sync.go +++ b/controller/sync.go @@ -246,7 +246,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha sync.WithResourcesFilter(func(key kube.ResourceKey, target *unstructured.Unstructured, live *unstructured.Unstructured) bool { return (len(syncOp.Resources) == 0 || argo.ContainsSyncResource(key.Name, key.Namespace, schema.GroupVersionKind{Kind: key.Kind, Group: key.Group}, syncOp.Resources)) && - m.isSelfReferencedObj(live, appLabelKey, trackingMethod) + m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod) }), sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)), sync.WithNamespaceCreation(syncOp.SyncOptions.HasOption("CreateNamespace=true"), func(un *unstructured.Unstructured) bool { 
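Review bot: Every subtest in `TestIsLiveResourceManaged` that passes a non-nil config asserts `True`, so nothing pins the case where the desired object and the live object differ; all the `False` assertions go through the `config == nil` annotation path. A negative case for the new branch would guard against the check degrading into always-true, e.g. (constructed sample) `other := managedObj.DeepCopy(); other.SetName("other-name")` followed by `assert.False(t, manager.isSelfReferencedObj(managedObj, other, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))`. A config without `metadata.namespace` would be a useful second case. The test function starts before this hunk.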
diff --git a/util/argo/diff/diff.go b/util/argo/diff/diff.go index ad339cde744ff..59f878036c361 100644 --- a/util/argo/diff/diff.go +++ b/util/argo/diff/diff.go @@ -334,7 +334,7 @@ func (c *diffConfig) DiffFromCache(appName string) (bool, []*appv1.ResourceDiff) } // preDiffNormalize applies the normalization of live and target resources before invoking -// the diff. None of the attributes in the preDiffNormalizeParams will be modified. +// the diff. None of the attributes in the lives and targets params will be modified. func preDiffNormalize(lives, targets []*unstructured.Unstructured, diffConfig DiffConfig) (*NormalizationResult, error) { if diffConfig == nil { return nil, fmt.Errorf("preDiffNormalize error: diffConfig can not be nil") diff --git a/util/argo/resource_tracking.go b/util/argo/resource_tracking.go index 1741bf413d05d..53659115e8b10 100644 --- a/util/argo/resource_tracking.go +++ b/util/argo/resource_tracking.go @@ -4,17 +4,12 @@ import ( "fmt" "strings" - "github.com/argoproj/gitops-engine/pkg/utils/kube" - "github.com/argoproj/argo-cd/v2/common" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - - "github.com/argoproj/argo-cd/v2/util/settings" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - + "github.com/argoproj/argo-cd/v2/util/kube" argokube "github.com/argoproj/argo-cd/v2/util/kube" + "github.com/argoproj/argo-cd/v2/util/settings" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) const ( 
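Review bot: The import block of `util/argo/resource_tracking.go` now lists `github.com/argoproj/argo-cd/v2/util/kube` twice, once unaliased (the added line) and once as `argokube` (already present). Two names for one package make it harder to see where a helper comes from. Keep a single import and use that name throughout, for example drop the added line and call the package as `argokube`. Which identifiers rely on the unaliased `kube` is not visible in this hunk.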
@@ -107,21 +102,29 @@ func (rt *resourceTracking) GetAppInstance(un *unstructured.Unstructured, key st } } +// UnstructuredToAppInstanceValue will build the AppInstanceValue based +// on the provided unstructured. The given namespace works as a default +// value if the resource's namespace is not defined. It should be the +// Application's target destination namespace. +func UnstructuredToAppInstanceValue(un *unstructured.Unstructured, appName, namespace string) AppInstanceValue { + ns := un.GetNamespace() + if ns == "" { + ns = namespace + } + gvk := un.GetObjectKind().GroupVersionKind() + return AppInstanceValue{ + ApplicationName: appName, + Group: gvk.Group, + Kind: gvk.Kind, + Namespace: ns, + Name: un.GetName(), + } +} + // SetAppInstance set label/annotation base on tracking method func (rt *resourceTracking) SetAppInstance(un *unstructured.Unstructured, key, val, namespace string, trackingMethod v1alpha1.TrackingMethod) error { setAppInstanceAnnotation := func() error { - ns := un.GetNamespace() - if ns == "" { - ns = namespace - } - gvk := un.GetObjectKind().GroupVersionKind() - appInstanceValue := AppInstanceValue{ - ApplicationName: val, - Group: gvk.Group, - Kind: gvk.Kind, - Namespace: ns, - Name: un.GetName(), - } + appInstanceValue := UnstructuredToAppInstanceValue(un, val, namespace) return argokube.SetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance, rt.BuildAppInstanceValue(appInstanceValue)) } switch trackingMethod { From ed4d7c55d3661d675be2ddca1602ad30f77e8273 Mon Sep 17 00:00:00 2001 From: Saumeya Katyal Date: Fri, 4 Nov 2022 02:09:53 +0530 Subject: [PATCH 019/304] docs: add ui banner options in docs (#10907) Signed-off-by: saumeya Signed-off-by: saumeya Signed-off-by: emirot --- docs/operator-manual/custom-styles.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/operator-manual/custom-styles.md b/docs/operator-manual/custom-styles.md index e58824622c5f0..21fa79efeeb2f 100644 
--- a/docs/operator-manual/custom-styles.md +++ b/docs/operator-manual/custom-styles.md @@ -100,7 +100,7 @@ experience, you may wish to build a separate project using the [Argo CD UI dev s ## Banners -Argo CD can optionally display a banner that can be used to notify your users of upcoming maintenance and operational changes. This feature can be enabled by specifying the banner message using the `ui.bannercontent` field in the `argocd-cm` ConfigMap and Argo CD will display this message at the top of every UI page. You can optionally add a link to this message by setting `ui.bannerurl`. +Argo CD can optionally display a banner that can be used to notify your users of upcoming maintenance and operational changes. This feature can be enabled by specifying the banner message using the `ui.bannercontent` field in the `argocd-cm` ConfigMap and Argo CD will display this message at the top of every UI page. You can optionally add a link to this message by setting `ui.bannerurl`. You can also make the banner sticky (permanent) by setting `ui.bannerpermanent` to `true` and change it's position to the bottom by using `ui.bannerposition: "bottom"` ### argocd-cm ```yaml @@ -113,6 +113,8 @@ metadata: data: ui.bannercontent: "Banner message linked to a URL" ui.bannerurl: "www.bannerlink.com" + ui.bannerpermanent: "true" + ui.bannerposition: "bottom" ``` ![banner with link](../assets/banner.png) From daea06227b3392f3469582dad4428af8f83ac83a Mon Sep 17 00:00:00 2001 From: Hariharasuthan99 Date: Fri, 4 Nov 2022 02:38:48 +0530 Subject: [PATCH 020/304] chore: Add Amadeus to user list (#11177) Co-authored-by: hraajeshwar Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 7aa76abf45ba0..644494d5b46cd 100644 --- a/USERS.md +++ b/USERS.md 
@@ -15,6 +15,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Akuity](https://akuity.io/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) +1. [Amadeus IT Group](https://amadeus.com/) 1. [Ambassador Labs](https://www.getambassador.io/) 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/) 1. [Ant Group](https://www.antgroup.com/) From 37b303caaabc1967039d913052cb6074cb6180f6 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 3 Nov 2022 19:17:04 -0400 Subject: [PATCH 021/304] fix: templating keys in ApplicationSet (#11076) (#11163) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- applicationset/utils/utils.go | 10 +++++++ applicationset/utils/utils_test.go | 43 ++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index 6883a2b7c1121..f729b6afb6274 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -133,6 +133,16 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil { return err } + + // Keys can be templated as well as values (e.g. to template something into an annotation). + if key.Kind() == reflect.String { + templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate) + if err != nil { + return err + } + key = reflect.ValueOf(templatedKey) + } + copy.SetMapIndex(key, copyValue) } diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index 3ee1d431b1a48..38c6aee2bf1f1 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go 
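Review bot: In the map branch of `deeplyReplace` (`applicationset/utils/utils.go`), `key = reflect.ValueOf(templatedKey)` always produces a value of type `string`, while `key.Kind() == reflect.String` is also true for named string types, and `copy.SetMapIndex` panics when the key is not assignable to the map's key type. Converting back keeps the original type: `key = reflect.ValueOf(templatedKey).Convert(key.Type())`. Two source keys that render to the same string will also overwrite each other silently, and which entry survives depends on map iteration order. Since keys are now filled from generator parameters, either return an error on collision or add a comment such as `// Keys are rendered too; entries whose keys render identically overwrite one another.` The function starts and ends outside this hunk.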
@@ -7,6 +7,7 @@ import ( "github.com/sirupsen/logrus" logtest "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -461,7 +462,49 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } }) } +} + +func TestRenderTemplateKeys(t *testing.T) { + t.Run("fasttemplate", func(t *testing.T) { + application := &argoappsv1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "annotation-{{key}}": "annotation-{{value}}", + }, + }, + } + + params := map[string]interface{}{ + "key": "some-key", + "value": "some-value", + } + + render := Render{} + newApplication, err := render.RenderTemplateParams(application, nil, params, false) + require.NoError(t, err) + require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") + }) + t.Run("gotemplate", func(t *testing.T) { + application := &argoappsv1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "annotation-{{ .key }}": "annotation-{{ .value }}", + }, + }, + } + + params := map[string]interface{}{ + "key": "some-key", + "value": "some-value", + } + render := Render{} + newApplication, err := render.RenderTemplateParams(application, nil, params, true) + require.NoError(t, err) + require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") + }) } func TestRenderTemplateParamsFinalizers(t *testing.T) { From 2162574a399e9f8a52808f8df07766ac3d3858e6 Mon Sep 17 00:00:00 2001 
From: Artur Rodrigues Date: Fri, 4 Nov 2022 00:30:50 +0000 Subject: [PATCH 022/304] chore: add debug logs around CMP manifest generation (#11185) * docs: note one single CMP per app Signed-off-by: Artur Rodrigues * cmp: debug logs around manifest handling Signed-off-by: Artur Rodrigues Signed-off-by: Artur Rodrigues Signed-off-by: emirot --- cmpserver/plugin/plugin.go | 5 +++++ docs/user-guide/config-management-plugins.md | 11 +++++++++++ reposerver/repository/repository.go | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index 899312f8a81f1..7ade241b9f069 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -203,6 +203,11 @@ func (s *Service) generateManifest(ctx context.Context, appDir string, envEntrie manifests, err := kube.SplitYAMLToString([]byte(out)) if err != nil { + sanitizedManifests := manifests + if len(sanitizedManifests) > 1000 { + sanitizedManifests = manifests[:1000] + } + log.Debugf("Failed to split generated manifests. Beginning of generated manifests: %q", sanitizedManifests) return &apiclient.ManifestResponse{}, err } diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index c9bc639d72353..dc9a11e6a6f6a 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md 
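Review bot: The new debug line in `generateManifest` (`cmpserver/plugin/plugin.go`) writes the beginning of the generated manifests to the log, and the same pattern is added in `runConfigManagementPluginSidecars` (`reposerver/repository/repository.go`). Plugin output can contain Secret objects or rendered credentials, and the `sanitized…` variables are only truncated, not redacted. In plugin.go the slice is taken from `manifests`, the result of the failed `kube.SplitYAMLToString` call, rather than from `out`, so the limit of 1000 appears to count list elements instead of characters and the value is probably empty on error. Logging the size rather than the content avoids both problems: `log.Debugf("Failed to split generated manifests (%d bytes)", len(out))`. Both functions extend beyond their hunks.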
@@ -63,6 +63,10 @@ metadata: name: cmp-plugin spec: version: v1.0 + init: + # Init always happens immediately before generate, but its output is not treated as manifests. + # This is a good place to, for example, download chart dependencies. + command: [sh, -c, 'echo "Initializing..."'] generate: command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"'] discover: @@ -110,6 +114,8 @@ data: name: cmp-plugin spec: version: v1.0 + init: + command: [sh, -c, 'echo "Initializing..."'] generate: command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"'] discover: @@ -231,6 +237,11 @@ If you don't need to set any environment variables, you can set an empty plugin is 90s. So if you increase the repo server timeout greater than 90s, be sure to set `ARGOCD_EXEC_TIMEOUT` on the sidecar. +!!! note + Each Application can only have one config management plugin configured at a time. If you're converting an existing + plugin configured through the `argocd-cm` ConfigMap to a sidecar, make sure the discovery mechanism only returns + true for Applications that have had their `name` field in the `plugin` section of their spec removed. + ## Plugin tar stream exclusions In order to increase the speed of manifest generation, certain files and folders can be excluded from being sent to your diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index d22a23892f869..6e8fa34d6052a 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go 
@@ -1635,6 +1635,11 @@ func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath st for _, manifestString := range cmpManifests.Manifests { manifestObjs, err := kube.SplitYAML([]byte(manifestString)) if err != nil { + sanitizedManifestString := manifestString + if len(manifestString) > 1000 { + sanitizedManifestString = sanitizedManifestString[:1000] + } + log.Debugf("Failed to convert generated manifests. Beginning of generated manifests: %q", sanitizedManifestString) return nil, fmt.Errorf("failed to convert CMP manifests to unstructured objects: %s", err.Error()) } manifests = append(manifests, manifestObjs...) From ed7f7b6aabc3684d026eb7426188a4badf8d8886 Mon Sep 17 00:00:00 2001 From: balajisa <50614674+balajisa09@users.noreply.github.com> Date: Fri, 4 Nov 2022 18:13:21 +0530 Subject: [PATCH 023/304] docs(user-guide): Add doc for import argocd packages (#11041) (#11096) * Add doc for argocd pkg import Signed-off-by: balajisa09 * Update docs/user-guide/import.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> * Add detailed solution Signed-off-by: balajisa09 * Update suggestions Signed-off-by: balajisa09 * Update docs/user-guide/import.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> * Update docs/user-guide/import.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> * Update docs/user-guide/import.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> * Update docs/user-guide/import.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> 
Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> * Update docs/user-guide/import.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix code block Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: balajisa09 Signed-off-by: balajisa <50614674+balajisa09@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: balajisa09 Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/user-guide/import.md | 55 +++++++++++++++++++++++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 56 insertions(+) create mode 100644 docs/user-guide/import.md diff --git a/docs/user-guide/import.md b/docs/user-guide/import.md new file mode 100644 index 0000000000000..56d88db197f84 --- /dev/null +++ b/docs/user-guide/import.md 
@@ -0,0 +1,55 @@ +# Importing Argo CD go packages + +## Issue + +When importing Argo CD packages in your own projects, you may face some errors when downloading the dependencies, such as "unknown revision v0.0.0". This is because Argo CD directly depends on some Kubernetes packages which have these unknown v0.0.0 versions in their go.mod. + +## Solution + +Add a replace section in your own go.mod as same as the replace section of the corresponding Argo CD version's go.mod. In order to find the go.mod for a specific version, navigate to the [Argo CD repository](https://github.com/argoproj/argo-cd/) and click on the switch branches/tags dropdown to select the version you are looking for. Now you can view the go.mod file for a specific version along with all other files. + +## Example + +If you are using Argo CD v2.4.15, your go.mod should contain the following: + +``` +replace ( + // https://github.com/golang/go/issues/33546#issuecomment-519656923 + github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 + + github.com/golang/protobuf => github.com/golang/protobuf v1.4.2 + github.com/gorilla/websocket => github.com/gorilla/websocket v1.4.2 + github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 + github.com/improbable-eng/grpc-web => github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a + + // Avoid CVE-2022-28948 + gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 + + // https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-505627280 + k8s.io/api => k8s.io/api v0.23.1 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.1 + k8s.io/apimachinery => k8s.io/apimachinery v0.23.1 + k8s.io/apiserver => k8s.io/apiserver v0.23.1 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.1 + k8s.io/client-go => k8s.io/client-go v0.23.1 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.1 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.1 + 
k8s.io/code-generator => k8s.io/code-generator v0.23.1 + k8s.io/component-base => k8s.io/component-base v0.23.1 + k8s.io/component-helpers => k8s.io/component-helpers v0.23.1 + k8s.io/controller-manager => k8s.io/controller-manager v0.23.1 + k8s.io/cri-api => k8s.io/cri-api v0.23.1 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.1 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.1 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.1 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.1 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.1 + k8s.io/kubectl => k8s.io/kubectl v0.23.1 + k8s.io/kubelet => k8s.io/kubelet v0.23.1 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.1 + k8s.io/metrics => k8s.io/metrics v0.23.1 + k8s.io/mount-utils => k8s.io/mount-utils v0.23.1 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.1 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.1 +) +``` diff --git a/mkdocs.yml b/mkdocs.yml index 8f4a19ddb38fd..35116f848eb77 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -124,6 +124,7 @@ nav: - user-guide/application_sources.md - user-guide/kustomize.md - user-guide/helm.md + - user-guide/import.md - user-guide/jsonnet.md - user-guide/directory.md - user-guide/config-management-plugins.md From bafebe99ba45c1907f475a6b853ae0075d288b54 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Fri, 4 Nov 2022 13:59:16 +0100 Subject: [PATCH 024/304] feat: enable metadata to be set on namespaces (#10672) * namespace labels Signed-off-by: pashavictorovich * create namespace should support annotations Signed-off-by: pashavictorovich * handle also modification hook Signed-off-by: pashavictorovich * regenerate entity on modify hook Signed-off-by: pashavictorovich * manifests 
Signed-off-by: pashavictorovich * feat: enable metadata to be set on namespaces This builds upon the work that @pasha-codefresh did in #10288. The main differences between this PR and the previous one is that we use SSA to diff between different versions of the namespace, as well as having a slightly different API in gitops-engine for setting the namespace modifier. We now also set the ownership of the namespace in ArgoCD. Closes #4628 Closes #6215 Closes #7799 Signed-off-by: Blake Pettersson * fix: don't always track namespaces For now, only allow namespaces managed with `managedNamespaceMetadata` to have tracking set by Argo. Ideally we'd like new namespaces to also be tracked by Argo, but there's currently an issue with a failing integration test. Also wrap error message if setting the app instance errors on the namespace. Signed-off-by: Blake Pettersson * fix: always return true with `hasManagedMetadata` If `hasManagedMetadata` is set, `true` should always be returned. Signed-off-by: Blake Pettersson * docs: add clarifying docs on resource tracking Signed-off-by: Blake Pettersson * style: pr tweaks Signed-off-by: Blake Pettersson * fix: re-add label unsetting Signed-off-by: Blake Pettersson * Update gitops-engine to current master Signed-off-by: Leonardo Luz Almeida Signed-off-by: pashavictorovich Signed-off-by: Blake Pettersson Signed-off-by: Leonardo Luz Almeida Co-authored-by: pashavictorovich Co-authored-by: Leonardo Luz Almeida 
Signed-off-by: emirot --- assets/swagger.json | 20 + controller/sync.go | 33 +- controller/sync_namespace.go | 51 + controller/sync_namespace_test.go | 284 +++ docs/operator-manual/application.yaml | 9 + docs/user-guide/sync-options.md | 132 +- go.mod | 2 +- go.sum | 4 +- hack/generate-proto.sh | 33 +- manifests/core-install.yaml | 244 +++ manifests/crds/application-crd.yaml | 13 + manifests/crds/applicationset-crd.yaml | 231 ++ manifests/ha/install.yaml | 244 +++ manifests/install.yaml | 244 +++ pkg/apis/application/v1alpha1/generated.pb.go | 1896 +++++++++++------ pkg/apis/application/v1alpha1/generated.proto | 9 + .../application/v1alpha1/openapi_generated.go | 51 +- pkg/apis/application/v1alpha1/types.go | 7 + .../v1alpha1/zz_generated.deepcopy.go | 35 + test/e2e/app_management_ns_test.go | 312 ++- test/e2e/fixture/app/expectation.go | 30 + .../guestbook-ui-deployment.yaml | 23 + .../guestbook-ui-namespace.yaml | 9 + .../guestbook-ui-svc.yaml | 10 + .../kustomization.yaml | 7 + 25 files changed, 3198 insertions(+), 735 deletions(-) create mode 100644 controller/sync_namespace.go create mode 100644 controller/sync_namespace_test.go create mode 100644 test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-deployment.yaml create mode 100644 test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-namespace.yaml create mode 100644 test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-svc.yaml create mode 100644 test/e2e/testdata/guestbook-with-namespace-manifest/kustomization.yaml diff --git a/assets/swagger.json b/assets/swagger.json index 942efa3692423..4046f83600425 100644 --- a/assets/swagger.json +++ b/assets/swagger.json 
@@ -6544,6 +6544,23 @@ } } }, + "v1alpha1ManagedNamespaceMetadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, "v1alpha1MatrixGenerator": { "description": "MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested\ngenerators.", "type": "object", @@ -7827,6 +7844,9 @@ "automated": { "$ref": "#/definitions/v1alpha1SyncPolicyAutomated" }, + "managedNamespaceMetadata": { + "$ref": "#/definitions/v1alpha1ManagedNamespaceMetadata" + }, "retry": { "$ref": "#/definitions/v1alpha1RetryStrategy" }, diff --git a/controller/sync.go b/controller/sync.go index 5f597495cee0a..1c592f5c0a733 100644 --- a/controller/sync.go +++ b/controller/sync.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + cdcommon "github.com/argoproj/argo-cd/v2/common" "os" "strconv" "sync/atomic" @@ -20,7 +21,6 @@ import ( "k8s.io/apimachinery/pkg/util/managedfields" "k8s.io/kubectl/pkg/util/openapi" - cdcommon "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/controller/metrics" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" listersv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" @@ -212,14 +212,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha } trackingMethod := argo.GetTrackingMethod(m.settingsMgr) - syncCtx, cleanup, err := sync.NewSyncContext( - compareResult.syncStatus.Revision, - reconciliationResult, - restConfig, - rawConfig, - m.kubectl, - app.Spec.Destination.Namespace, - openAPISchema, + opts := []sync.SyncOpt{ sync.WithLogr(logutils.NewLogrusLogger(logEntry)), sync.WithHealthOverride(lua.ResourceHealthOverrides(resourceOverrides)), sync.WithPermissionValidator(func(un *unstructured.Unstructured, res *v1.APIResource) error { 
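Review bot: In `controller/sync.go` the `cdcommon` import was moved between `"fmt"` and `"os"`, which puts it inside the standard-library group. The usual Go layout keeps standard-library imports in their own group, so the line should stay with the other `github.com/argoproj/argo-cd/v2/...` imports, where the second import hunk removes it. The new `controller/sync_namespace.go` import block, which runs past the end of this chunk, places `cdcommon` directly after `"fmt"` in the same way.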
@@ -249,13 +242,6 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod) }), sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)), - sync.WithNamespaceCreation(syncOp.SyncOptions.HasOption("CreateNamespace=true"), func(un *unstructured.Unstructured) bool { - if un != nil && kube.GetAppInstanceLabel(un, cdcommon.LabelKeyAppInstance) != "" { - kube.UnsetLabel(un, cdcommon.LabelKeyAppInstance) - return true - } - return false - }), sync.WithSyncWaveHook(delayBetweenSyncWaves), sync.WithPruneLast(syncOp.SyncOptions.HasOption(common.SyncOptionPruneLast)), sync.WithResourceModificationChecker(syncOp.SyncOptions.HasOption("ApplyOutOfSyncOnly=true"), compareResult.diffResultList), @@ -263,6 +249,21 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha sync.WithReplace(syncOp.SyncOptions.HasOption(common.SyncOptionReplace)), sync.WithServerSideApply(syncOp.SyncOptions.HasOption(common.SyncOptionServerSideApply)), sync.WithServerSideApplyManager(cdcommon.ArgoCDSSAManager), + } + + if syncOp.SyncOptions.HasOption("CreateNamespace=true") { + opts = append(opts, sync.WithNamespaceModifier(syncNamespace(m.resourceTracking, appLabelKey, trackingMethod, app.Name, app.Spec.SyncPolicy))) + } + + syncCtx, cleanup, err := sync.NewSyncContext( + compareResult.syncStatus.Revision, + reconciliationResult, + restConfig, + rawConfig, + m.kubectl, + app.Spec.Destination.Namespace, + openAPISchema, + opts..., ) if err != nil { diff --git a/controller/sync_namespace.go b/controller/sync_namespace.go new file mode 100644 index 0000000000000..b96dd4421b3c2 --- /dev/null +++ b/controller/sync_namespace.go 
@@ -0,0 +1,51 @@ +package controller + +import ( + "fmt" + cdcommon "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo" + gitopscommon "github.com/argoproj/gitops-engine/pkg/sync/common" + "github.com/argoproj/gitops-engine/pkg/utils/kube" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func syncNamespace(resourceTracking argo.ResourceTracking, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, appName string, syncPolicy *v1alpha1.SyncPolicy) func(un *unstructured.Unstructured) (bool, error) { + return func(liveNs *unstructured.Unstructured) (bool, error) { + if liveNs != nil && kube.GetAppInstanceLabel(liveNs, cdcommon.LabelKeyAppInstance) != "" { + kube.UnsetLabel(liveNs, cdcommon.LabelKeyAppInstance) + return true, nil + } + + isNewNamespace := liveNs != nil && liveNs.GetUID() == "" && liveNs.GetResourceVersion() == "" + + if liveNs != nil && syncPolicy != nil { + // managedNamespaceMetadata relies on SSA, and since the diffs are computed by the k8s control plane we + // always need to call the k8s api server, so we'll always need to return true if managedNamespaceMetadata is set. 
+ hasManagedMetadata := syncPolicy.ManagedNamespaceMetadata != nil + if hasManagedMetadata { + managedNamespaceMetadata := syncPolicy.ManagedNamespaceMetadata + liveNs.SetLabels(managedNamespaceMetadata.Labels) + liveNs.SetAnnotations(appendSSAAnnotation(managedNamespaceMetadata.Annotations)) + + err := resourceTracking.SetAppInstance(liveNs, appLabelKey, appName, "", trackingMethod) + if err != nil { + return false, fmt.Errorf("failed to set app instance tracking on the namespace %s: %s", liveNs.GetName(), err) + } + + return true, nil + } + } + + return isNewNamespace, nil + } +} + +func appendSSAAnnotation(in map[string]string) map[string]string { + r := map[string]string{} + for k, v := range in { + r[k] = v + } + r[gitopscommon.AnnotationSyncOptions] = gitopscommon.SyncOptionServerSideApply + return r +} diff --git a/controller/sync_namespace_test.go b/controller/sync_namespace_test.go new file mode 100644 index 0000000000000..9a8b7819220d7 --- /dev/null +++ b/controller/sync_namespace_test.go 
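Review bot: `syncNamespace` copies `syncPolicy.ManagedNamespaceMetadata.Labels` and `.Annotations` onto the namespace object with no filtering, and the `liveNs.GetUID() == ""` check only feeds the fall-through return value, so a namespace that already exists is rewritten the same way as a new one. Namespace labels can carry policy meaning (Pod Security admission levels, NetworkPolicy and admission-webhook namespace selectors), so this field lets whoever can edit the Application's `syncPolicy` change them. Whether the permission validator configured in controller/sync.go is applied to the modified namespace is not visible in this diff and should be confirmed. At minimum, state the contract in a doc comment, e.g. `// syncNamespace returns a namespace modifier that applies the Application's managedNamespaceMetadata, unfiltered, to new and pre-existing namespaces alike.` Separately, the tracking error is wrapped with `%s`; `fmt.Errorf("failed to set app instance tracking on the namespace %s: %w", liveNs.GetName(), err)` produces the same message and keeps the cause inspectable with `errors.Is`/`errors.As`.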
@@ -0,0 +1,284 @@ +package controller + +import ( + "errors" + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/types" + "testing" +) + +type fakeResourceTracking struct { +} + +func (f fakeResourceTracking) GetAppName(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) string { + panic("implement me") +} + +func (f fakeResourceTracking) GetAppInstance(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) *argo.AppInstanceValue { + return nil +} + +func (f fakeResourceTracking) SetAppInstance(un *unstructured.Unstructured, key, val, namespace string, trackingMethod v1alpha1.TrackingMethod) error { + return errors.New("some error") +} + +func (f fakeResourceTracking) BuildAppInstanceValue(value argo.AppInstanceValue) string { + panic("implement me") +} + +func (f fakeResourceTracking) ParseAppInstanceValue(value string) (*argo.AppInstanceValue, error) { + panic("implement me") +} + +func (f fakeResourceTracking) Normalize(config, live *unstructured.Unstructured, labelKey, trackingMethod string) error { + panic("implement me") +} + +func createFakeNamespace(uid string, resourceVersion string, labels map[string]string, annotations map[string]string) *unstructured.Unstructured { + un := unstructured.Unstructured{} + un.SetUID(types.UID(uid)) + un.SetResourceVersion(resourceVersion) + un.SetLabels(labels) + un.SetAnnotations(annotations) + un.SetKind("Namespace") + un.SetName("some-namespace") + return &un +} + +func Test_shouldNamespaceSync(t *testing.T) { + tests := []struct { + name string + syncPolicy *v1alpha1.SyncPolicy + un *unstructured.Unstructured + expected bool + expectedLabels map[string]string + expectedAnnotations map[string]string + }{ + { + name: "un is nil and syncPolicy is 
nil", + expected: false, + un: nil, + syncPolicy: nil, + }, + { + name: "un is nil and syncPolicy is not nil", + expected: false, + un: nil, + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: nil, + }, + }, + { + name: "un is nil and syncPolicy has labels and annotations", + expected: false, + un: nil, + expectedLabels: map[string]string{"my-cool-label": "some-value"}, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value"}, + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata nil", + expected: true, + expectedLabels: map[string]string{}, + //expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace"}, + expectedAnnotations: map[string]string{}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: nil, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata not nil", + expected: true, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{}, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has empty labels map", + expected: true, + expectedLabels: map[string]string{}, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", 
map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{}, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has empty annotations map", + expected: true, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Annotations: map[string]string{}, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has empty annotations and labels map", + expected: true, + expectedLabels: map[string]string{}, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has labels", + expected: true, + expectedLabels: map[string]string{"my-cool-label": "some-value"}, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + Annotations: nil, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has 
annotations", + expected: true, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: nil, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace does not yet exist and managedNamespaceMetadata has annotations and labels", + expected: true, + expectedLabels: map[string]string{"my-cool-label": "some-value"}, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace exists with no labels or annotations and managedNamespaceMetadata has labels", + expected: true, + expectedLabels: map[string]string{"my-cool-label": "some-value"}, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + }, + }, + }, + { + name: "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations", + expected: true, + 
expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations and labels", + expected: true, + expectedLabels: map[string]string{"my-cool-label": "some-value"}, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace exists with labels and managedNamespaceMetadata has mismatching labels", + expected: true, + expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + expectedLabels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, + un: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, + Annotations: map[string]string{}, + }, + }, + }, + { + name: 
"namespace exists with annotations and managedNamespaceMetadata has mismatching annotations", + expected: true, + expectedLabels: map[string]string{}, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{}, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + }, + }, + { + name: "namespace exists with annotations and labels managedNamespaceMetadata has mismatching annotations and labels", + expected: true, + expectedLabels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + un: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{"my-cool-annotation": "some-value"}), + syncPolicy: &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, + Annotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"}, + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.un) + assert.NoError(t, err) + + if tt.un != nil { + 
assert.Equal(t, tt.expectedLabels, tt.un.GetLabels()) + assert.Equal(t, tt.expectedAnnotations, tt.un.GetAnnotations()) + } + + assert.Equalf(t, tt.expected, actual, "syncNamespace(%v)", tt.syncPolicy) + }) + } +} + +func Test_shouldNamespaceSync_Failure(t *testing.T) { + fake := fakeResourceTracking{} + _, err := syncNamespace(fake, common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", &v1alpha1.SyncPolicy{ + ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ + Labels: map[string]string{"my-cool-label": "some-value"}, + Annotations: map[string]string{"my-cool-annotation": "some-value"}, + }, + })(createFakeNamespace("something", "1", map[string]string{}, map[string]string{})) + assert.Error(t, err, "Expected error") + assert.Equal(t, "failed to set app instance tracking on the namespace some-namespace: some error", err.Error()) +} diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 6bc0278b2ea6e..366d237716ea1 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -134,6 +134,15 @@ spec: - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster. - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan. - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation + managedNamespaceMetadata: # Sets the metadata for the application namespace. Only valid if CreateNamespace=true (see above), otherwise it's a no-op. + labels: # The labels to set on the application namespace + any: label + you: like + annotations: # The annotations to set on the application namespace + the: same + applies: for + annotations: on-the-namespace + # The retry feature is available since v1.7 retry: limit: 5 # number of failed sync attempt retries; unlimited number of attempts if less than 0 
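Review bot: No table case in `Test_shouldNamespaceSync` covers the first branch of `syncNamespace`, where a namespace carrying the `common.LabelKeyAppInstance` label has that label removed and the function returns before any managed metadata is applied. Add a case built with `createFakeNamespace("something", "1", map[string]string{common.LabelKeyAppInstance: "some-app"}, map[string]string{})` and a non-nil `ManagedNamespaceMetadata`, asserting that the label is gone, the result is true and the managed labels were not set. The commented-out `//expectedAnnotations` line in the "namespace does not yet exist and managedNamespaceMetadata nil" case should be deleted. The test names still say `shouldNamespaceSync` although the function under test is `syncNamespace`.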
diff --git a/docs/user-guide/sync-options.md b/docs/user-guide/sync-options.md index 387ce85341ab3..32501b27340af 100644 --- a/docs/user-guide/sync-options.md +++ b/docs/user-guide/sync-options.md 
@@ -268,4 +268,134 @@ spec: syncOptions: - CreateNamespace=true ``` -The example above shows how an Argo CD Application can be configured so it will create namespaces for the Application resources if the namespaces don't exist already. Without this either declared in the Application manifest or passed in the cli via `--sync-option CreateNamespace=true`, the Application will fail to sync if the resources' namespaces do not exist. +The example above shows how an Argo CD Application can be configured, so it will create namespaces for the Application resources if the namespaces don't exist already. Without this either declared in the Application manifest or passed in the cli via `--sync-option CreateNamespace=true`, the Application will fail to sync if the resources' namespaces do not exist. + +### Namespace Metadata + +We can also add labels and annotations to the namespace through `managedNamespaceMetadata`. If we extend the example above +we could potentially do something like below: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + namespace: test +spec: + syncPolicy: + managedNamespaceMetadata: + labels: # The labels to set on the application namespace + any: label + you: like + annotations: # The annotations to set on the application namespace + the: same + applies: for + annotations: on-the-namespace + syncOptions: + - CreateNamespace=true +``` + +In order for ArgoCD to manage the labels and annotations on the namespace, `CreateNamespace=true` needs to be set as a +sync option, otherwise nothing will happen. If the namespace doesn't already exist, or if it already exists and doesn't +already have labels and/or annotations set on it, you're good to go. Using `managedNamespaceMetadata` will also set the +resource tracking label (or annotation) on the namespace, so you can easily track which namespaces are managed by ArgoCD. 
+ +In the case you do not have any custom annotations or labels but would nonetheless want to have resource tracking set on +your namespace, that can be done by setting `managedNamespaceMetadata` with an empty `labels` and/or `annotations` map, +like the example below: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + namespace: test +spec: + syncPolicy: + managedNamespaceMetadata: + labels: # The labels to set on the application namespace + annotations: # The annotations to set on the application namespace + syncOptions: + - CreateNamespace=true +``` + +In the case where ArgoCD is "adopting" an existing namespace which already has metadata set on it, we rely on using +Server Side Apply in order not to lose metadata which has already been set. The main implication here is that it takes +a few extra steps to get rid of an already preexisting field. + +Imagine we have a pre-existing namespace as below: + +```yaml +apiVersion: v1 +kind: Namespace +metadata: + name: foobar + annotations: + foo: bar + abc: "123" +``` + +If we want to manage the `foobar` namespace with ArgoCD and to then also remove the `foo: bar` annotation, in +`managedNamespaceMetadata` we'd need to first rename the `foo` value: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +spec: + syncPolicy: + managedNamespaceMetadata: + annotations: + abc: 123 # adding this is informational with SSA; this would be sticking around in any case until we set a new value + foo: remove-me + syncOptions: + - CreateNamespace=true +``` + +Once that has been synced, we're ok to remove `foo` + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +spec: + syncPolicy: + managedNamespaceMetadata: + annotations: + abc: 123 # adding this is informational with SSA; this would be sticking around in any case until we set a new value + syncOptions: + - CreateNamespace=true +``` + +Another thing to keep mind of is that if you have a k8s manifest for the same namespace in your 
ArgoCD application, that +will take precedence and *overwrite whatever values that have been set in `managedNamespaceMetadata`*. In other words, if +you have an application that sets `managedNamespaceMetadata` + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +spec: + syncPolicy: + managedNamespaceMetadata: + annotations: + abc: 123 + syncOptions: + - CreateNamespace=true +``` + +But you also have a k8s manifest with a matching name + +```yaml +apiVersion: v1 +kind: Namespace +metadata: + name: foobar + annotations: + foo: bar + something: completely-different +``` + +The resulting namespace will have its annotations set to + +```yaml + annotations: + foo: bar + something: completely-different +``` + diff --git a/go.mod b/go.mod index 809d6744d7e4c..b69337f56080e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/semver/v3 v3.1.1 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.14.2 - github.com/argoproj/gitops-engine v0.7.1-0.20221004132320-98ccd3d43fd9 + github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9 github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 github.com/aws/aws-sdk-go v1.38.49 diff --git a/go.sum b/go.sum index 407357315ca57..0da05d81e462a 100644 --- a/go.sum +++ b/go.sum 
@@ -142,8 +142,8 @@ github.com/antonmedv/expr v1.8.9/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmH github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20190808133642-1d4ef1f1c1e0/go.mod h1:iy07dV61Z7QQdCKJCIvUoDL21u6AIceRhZzyleh2ymc= -github.com/argoproj/gitops-engine v0.7.1-0.20221004132320-98ccd3d43fd9 h1:pXN64mJfrg8qx4mgWDnJ9E2T5ikZupvVRSXYMoe39Y8= -github.com/argoproj/gitops-engine v0.7.1-0.20221004132320-98ccd3d43fd9/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= +github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9 h1:qk4O1fw6ZtWwm0vNM1HFACSAJYnhuKweLNP6XzDJchE= +github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f h1:xTts6TJ/SBbY9zV8qpueokUd3+SlJN6Abt4W6lAjOKM= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f/go.mod h1:R3zlopt+/juYlebQc9Jarn9vBQ2xZruWOWjUNkfGY9M= github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 h1:Cfp7rO/HpVxnwlRqJe0jHiBbZ77ZgXhB6HWlYD02Xdc= diff --git a/hack/generate-proto.sh b/hack/generate-proto.sh index c93f8bb473c2d..3627a297fd879 100755 --- a/hack/generate-proto.sh +++ b/hack/generate-proto.sh @@ -9,7 +9,8 @@ set -o errexit set -o nounset set -o pipefail -PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/..; pwd) +# shellcheck disable=SC2128 +PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE}")"/..; pwd) PATH="${PROJECT_ROOT}/dist:${PATH}" GOPATH=$(go env GOPATH) 
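Review bot: The added `# shellcheck disable=SC2128` in hack/generate-proto.sh silences the warning instead of addressing it. Indexing the array explicitly makes the directive unnecessary: `PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/..; pwd)`. Behaviour is unchanged, since expanding a bash array without an index already yields its first element.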
@@ -51,11 +52,11 @@ else fi go-to-protobuf \ - --go-header-file=${PROJECT_ROOT}/hack/custom-boilerplate.go.txt \ - --packages=$(IFS=, ; echo "${PACKAGES[*]}") \ - --apimachinery-packages=$(IFS=, ; echo "${APIMACHINERY_PKGS[*]}") \ + --go-header-file="${PROJECT_ROOT}"/hack/custom-boilerplate.go.txt \ + --packages="$(IFS=, ; echo "${PACKAGES[*]}")" \ + --apimachinery-packages="$(IFS=, ; echo "${APIMACHINERY_PKGS[*]}")" \ --proto-import=./vendor \ - --proto-import=${protoc_include} + --proto-import="${protoc_include}" # Either protoc-gen-go, protoc-gen-gofast, or protoc-gen-gogofast can be used to build # server/*/.pb.go from .proto files. golang/protobuf and gogo/protobuf can be used @@ -73,17 +74,17 @@ MOD_ROOT=${GOPATH}/pkg/mod grpc_gateway_version=$(go list -m github.com/grpc-ecosystem/grpc-gateway | awk '{print $NF}' | head -1) GOOGLE_PROTO_API_PATH=${MOD_ROOT}/github.com/grpc-ecosystem/grpc-gateway@${grpc_gateway_version}/third_party/googleapis GOGO_PROTOBUF_PATH=${PROJECT_ROOT}/vendor/github.com/gogo/protobuf -PROTO_FILES=$(find $PROJECT_ROOT \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" \) | sort) +PROTO_FILES=$(find "$PROJECT_ROOT" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" \) | sort) for i in ${PROTO_FILES}; do protoc \ - -I${PROJECT_ROOT} \ - -I${protoc_include} \ + -I"${PROJECT_ROOT}" \ + -I"${protoc_include}" \ -I./vendor \ - -I$GOPATH/src \ - -I${GOOGLE_PROTO_API_PATH} \ - -I${GOGO_PROTOBUF_PATH} \ - --${GOPROTOBINARY}_out=plugins=grpc:$GOPATH/src \ - --grpc-gateway_out=logtostderr=true:$GOPATH/src \ + -I"$GOPATH"/src \ + -I"${GOOGLE_PROTO_API_PATH}" \ + -I"${GOGO_PROTOBUF_PATH}" \ + --${GOPROTOBINARY}_out=plugins=grpc:"$GOPATH"/src \ + --grpc-gateway_out=logtostderr=true:"$GOPATH"/src \ --swagger_out=logtostderr=true:. \ $i done 
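Review bot: The `for i in ${PROTO_FILES}` loop still depends on word splitting and passes `$i` to `protoc` unquoted. The quoting this hunk adds around `$PROJECT_ROOT` and the `-I` paths therefore does not make the script work from a checkout path containing whitespace or glob characters. Reading the list line by line keeps each path intact: `while IFS= read -r i; do protoc … "$i"; done <<<"${PROTO_FILES}"`. The `--${GOPROTOBINARY}_out=…` argument is also left unquoted.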
@@ -94,8 +95,8 @@ collect_swagger() { SWAGGER_ROOT="$1" EXPECTED_COLLISIONS="$2" SWAGGER_OUT="${PROJECT_ROOT}/assets/swagger.json" - PRIMARY_SWAGGER=`mktemp` - COMBINED_SWAGGER=`mktemp` + PRIMARY_SWAGGER=$(mktemp) + COMBINED_SWAGGER=$(mktemp) cat < "${PRIMARY_SWAGGER}" { @@ -124,7 +125,7 @@ clean_swagger() { } echo "If additional types are added, the number of expected collisions may need to be increased" -EXPECTED_COLLISION_COUNT=90 +EXPECTED_COLLISION_COUNT=91 collect_swagger server ${EXPECTED_COLLISION_COUNT} clean_swagger server clean_swagger reposerver diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 959582d68c4b2..15a9666f307d4 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -740,6 +740,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: @@ -2447,6 +2460,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2734,6 +2758,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -3023,6 +3058,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3288,6 +3334,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3583,6 +3640,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3870,6 +3938,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4159,6 +4238,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4424,6 +4514,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4807,6 +4908,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -5237,6 +5349,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5518,6 +5641,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5813,6 +5947,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6100,6 +6245,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6389,6 +6545,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6654,6 +6821,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7037,6 +7215,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -7467,6 +7656,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7752,6 +7952,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8132,6 +8343,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8562,6 +8784,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8850,6 +9083,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 911fbc01e249d..175ec3ea82998 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml 
@@ -739,6 +739,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 5e654ad2e7a4e..726bafc2afda5 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -289,6 +289,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -576,6 +587,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -865,6 +887,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1130,6 +1163,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
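Review bot: The description on `managedNamespaceMetadata` in the `@@ -739,6 +739,19 @@` hunk of manifests/crds/application-crd.yaml does not tell an operator that `labels` and `annotations` accept arbitrary string keys. That matters because namespace labels are commonly read as policy input (Pod Security Admission levels, NetworkPolicy namespace selectors, admission-webhook selectors). I would extend it to something like `description: ManagedNamespaceMetadata sets labels and annotations on the given namespace (only if CreateNamespace=true); keys are not restricted by this schema`. Whether the controller or an AppProject limits which keys an Application may set is not visible in this diff, so that is worth confirming and documenting with the field. The same description recurs in the manifests/ha/install.yaml and manifests/install.yaml hunks, so the wording is best changed wherever these manifests are produced from.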
@@ -1425,6 +1469,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1712,6 +1767,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2001,6 +2067,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2266,6 +2343,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2649,6 +2737,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3079,6 +3178,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3360,6 +3470,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -3655,6 +3776,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3942,6 +4074,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4231,6 +4374,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4496,6 +4650,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4879,6 +5044,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5309,6 +5485,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5594,6 +5781,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -5974,6 +6172,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6404,6 +6613,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6692,6 +6912,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 1cdac6f264cd2..36fbf572602f2 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -740,6 +740,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: @@ -2447,6 +2460,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -2734,6 +2758,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3023,6 +3058,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3288,6 +3334,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3583,6 +3640,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3870,6 +3938,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4159,6 +4238,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4424,6 +4514,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -4807,6 +4908,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5237,6 +5349,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5518,6 +5641,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5813,6 +5947,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6100,6 +6245,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6389,6 +6545,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6654,6 +6821,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -7037,6 +7215,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7467,6 +7656,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7752,6 +7952,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8132,6 +8343,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8562,6 +8784,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8850,6 +9083,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: diff --git a/manifests/install.yaml b/manifests/install.yaml index 32b793b23213c..b7f51dda9fc3d 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml 
@@ -740,6 +740,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: @@ -2447,6 +2460,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2734,6 +2758,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3023,6 +3058,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3288,6 +3334,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3583,6 +3640,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -3870,6 +3938,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4159,6 +4238,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4424,6 +4514,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4807,6 +4908,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5237,6 +5349,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5518,6 +5641,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5813,6 +5947,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -6100,6 +6245,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6389,6 +6545,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6654,6 +6821,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7037,6 +7215,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7467,6 +7656,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -7752,6 +7952,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8132,6 +8343,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: 
@@ -8562,6 +8784,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -8850,6 +9083,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 4ea2d24f9c18f..85b3ed8504857 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go 
@@ -1885,10 +1885,38 @@ func (m *ListGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_ListGenerator proto.InternalMessageInfo +func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } +func (*ManagedNamespaceMetadata) ProtoMessage() {} +func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{66} +} +func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ManagedNamespaceMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ManagedNamespaceMetadata) XXX_Merge(src proto.Message) { + xxx_messageInfo_ManagedNamespaceMetadata.Merge(m, src) +} +func (m *ManagedNamespaceMetadata) XXX_Size() int { + return m.Size() +} +func (m *ManagedNamespaceMetadata) XXX_DiscardUnknown() { + xxx_messageInfo_ManagedNamespaceMetadata.DiscardUnknown(m) +} + +var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo + func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1916,7 +1944,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1944,7 +1972,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1972,7 +2000,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2000,7 +2028,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2028,7 +2056,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2056,7 +2084,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2084,7 +2112,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2112,7 +2140,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2140,7 +2168,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2168,7 +2196,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2196,7 +2224,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2224,7 +2252,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2252,7 +2280,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2280,7 +2308,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2308,7 +2336,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2336,7 +2364,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2364,7 +2392,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2392,7 +2420,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2420,7 +2448,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2448,7 +2476,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2476,7 +2504,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2504,7 +2532,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2532,7 +2560,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2560,7 +2588,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2588,7 +2616,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2616,7 +2644,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2644,7 +2672,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2672,7 +2700,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2700,7 +2728,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2728,7 +2756,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2756,7 +2784,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2784,7 +2812,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2812,7 +2840,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2840,7 +2868,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2868,7 +2896,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2896,7 +2924,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2924,7 +2952,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2952,7 +2980,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2980,7 +3008,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3008,7 +3036,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3036,7 +3064,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3064,7 +3092,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3092,7 +3120,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3120,7 +3148,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3148,7 +3176,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3176,7 +3204,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3204,7 +3232,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3232,7 +3260,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3260,7 +3288,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3288,7 +3316,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3316,7 +3344,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3344,7 +3372,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3372,7 +3400,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3400,7 +3428,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3428,7 +3456,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3456,7 +3484,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3484,7 +3512,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3512,7 +3540,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -3614,6 +3642,9 @@ func init() { proto.RegisterType((*KnownTypeField)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.KnownTypeField") proto.RegisterType((*KustomizeOptions)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.KustomizeOptions") proto.RegisterType((*ListGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ListGenerator") + proto.RegisterType((*ManagedNamespaceMetadata)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ManagedNamespaceMetadata") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ManagedNamespaceMetadata.AnnotationsEntry") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ManagedNamespaceMetadata.LabelsEntry") proto.RegisterType((*MatrixGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.MatrixGenerator") proto.RegisterType((*MergeGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.MergeGenerator") proto.RegisterType((*NestedMatrixGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.NestedMatrixGenerator") 
@@ -3682,567 +3713,572 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 8955 bytes of a gzipped FileDescriptorProto + // 9025 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x6c, 0x24, 0xc9, - 0x75, 0xd8, 0xf5, 0x0c, 0x87, 0x9c, 0x79, 0xfc, 0xd8, 0x65, 0xed, 0xee, 0x1d, 0x6f, 0xef, 0x6e, - 0xb9, 0xe8, 0x83, 0xa5, 0x73, 0x74, 0x47, 0xe6, 0xd6, 0x27, 0xe5, 0xe2, 0xb3, 0x4f, 0xe6, 0x90, - 0xbb, 0x5c, 0xee, 0xf2, 0xeb, 0x8a, 0xdc, 0x5d, 0xeb, 0x64, 0x7d, 0x34, 0x7b, 0x6a, 0x86, 0xbd, - 0xec, 0xe9, 0x9e, 0xed, 0xee, 0xe1, 0x72, 0xce, 0x5f, 0x92, 0x6c, 0xc7, 0x0a, 0xf4, 0x19, 0x29, - 0x40, 0x64, 0x20, 0x48, 0x14, 0xd9, 0x30, 0x62, 0x24, 0x42, 0x92, 0x5f, 0xf9, 0x42, 0x7e, 0xd8, - 0xce, 0x0f, 0x05, 0x09, 0x10, 0x01, 0x31, 0x2c, 0x27, 0x4e, 0x68, 0x89, 0x41, 0xe0, 0xc4, 0x40, - 0x1c, 0xc4, 0xf1, 0x9f, 0x2c, 0xf2, 0x23, 0xa8, 0xef, 0xea, 0x9e, 0x99, 0xe5, 0xcc, 0xb2, 0xb9, - 0xbb, 0x16, 0xee, 0xdf, 0xcc, 0x7b, 0xaf, 0xdf, 0x7b, 0x5d, 0x5d, 0xf5, 0xea, 0x55, 0xbd, 0x57, + 0x75, 0x98, 0x7a, 0x86, 0x43, 0xce, 0x3c, 0x7e, 0xec, 0xb2, 0x76, 0xf7, 0x8e, 0xb7, 0x77, 0xb7, + 0x5c, 0xf4, 0xc1, 0xd2, 0x39, 0xba, 0x23, 0x73, 0xeb, 0x93, 0x72, 0xf1, 0xd9, 0x27, 0x73, 0xc8, + 0x5d, 0x2e, 0x77, 0xf9, 0x75, 0x45, 0xee, 0xae, 0x75, 0xb2, 0x3e, 0x9a, 0x3d, 0x35, 0xc3, 0x5e, + 0xf6, 0x74, 0xcf, 0x75, 0xf7, 0x70, 0x39, 0xe7, 0x2f, 0x49, 0xb6, 0x63, 0x25, 0xfa, 0x8c, 0x14, + 0x20, 0x32, 0x10, 0x38, 0x8a, 0x6c, 0x18, 0x31, 0x12, 0x21, 0xce, 0xaf, 0x7c, 0x21, 0x3f, 0x6c, + 0xe5, 0x87, 0x82, 0x04, 0x88, 0x80, 0x18, 0x96, 0x13, 0x27, 0xf4, 0x89, 0x41, 0xe0, 0xc4, 0x40, + 0x1c, 0xc4, 0xf1, 0x9f, 0x2c, 0xf2, 0xc3, 0xa8, 0xef, 0xea, 0x9e, 0x99, 0xe5, 0xcc, 0xb2, 0xb9, + 0xbb, 0x12, 0xee, 0xdf, 0xcc, 0x7b, 0xaf, 0xdf, 0x7b, 0x5d, 0x5d, 0xf5, 0xea, 0x55, 0xd5, 0x7b, 0xaf, 0x60, 0xb5, 0xe1, 0x25, 0xbb, 0xed, 0x9d, 0x39, 0x37, 0x6c, 0xce, 0x3b, 0x51, 0x23, 0x6c, - 0x45, 0xe1, 0x5d, 0xf6, 0xe3, 0x35, 0xb7, 0x36, 
0xbf, 0x7f, 0x65, 0xbe, 0xb5, 0xd7, 0x98, 0x77, - 0x5a, 0x5e, 0x3c, 0xef, 0xb4, 0x5a, 0xbe, 0xe7, 0x3a, 0x89, 0x17, 0x06, 0xf3, 0xfb, 0xaf, 0x3b, - 0x7e, 0x6b, 0xd7, 0x79, 0x7d, 0xbe, 0x41, 0x02, 0x12, 0x39, 0x09, 0xa9, 0xcd, 0xb5, 0xa2, 0x30, - 0x09, 0xd1, 0x4f, 0x68, 0x6e, 0x73, 0x92, 0x1b, 0xfb, 0xf1, 0x29, 0xb7, 0x36, 0xb7, 0x7f, 0x65, - 0xae, 0xb5, 0xd7, 0x98, 0xa3, 0xdc, 0xe6, 0x0c, 0x6e, 0x73, 0x92, 0xdb, 0xc5, 0xd7, 0x0c, 0x5d, + 0x45, 0xe1, 0x5d, 0xf6, 0xe3, 0x65, 0xb7, 0x36, 0xbf, 0x7f, 0x65, 0xbe, 0xb5, 0xd7, 0x98, 0x77, + 0x5a, 0x5e, 0x3c, 0xef, 0xb4, 0x5a, 0xbe, 0xe7, 0x3a, 0x89, 0x17, 0x06, 0xf3, 0xfb, 0xaf, 0x38, + 0x7e, 0x6b, 0xd7, 0x79, 0x65, 0xbe, 0x41, 0x02, 0x12, 0x39, 0x09, 0xa9, 0xcd, 0xb5, 0xa2, 0x30, + 0x09, 0xd1, 0x4f, 0x68, 0x6e, 0x73, 0x92, 0x1b, 0xfb, 0xf1, 0x49, 0xb7, 0x36, 0xb7, 0x7f, 0x65, + 0xae, 0xb5, 0xd7, 0x98, 0xa3, 0xdc, 0xe6, 0x0c, 0x6e, 0x73, 0x92, 0xdb, 0xc5, 0x97, 0x0d, 0x5d, 0x1a, 0x61, 0x23, 0x9c, 0x67, 0x4c, 0x77, 0xda, 0x75, 0xf6, 0x8f, 0xfd, 0x61, 0xbf, 0xb8, 0xb0, - 0x8b, 0xf6, 0xde, 0x9b, 0xf1, 0x9c, 0x17, 0x52, 0xf5, 0xe6, 0xdd, 0x30, 0x22, 0xf3, 0xfb, 0x5d, - 0x0a, 0x5d, 0xbc, 0xae, 0x69, 0xc8, 0x41, 0x42, 0x82, 0xd8, 0x0b, 0x83, 0xf8, 0x35, 0xaa, 0x02, - 0x89, 0xf6, 0x49, 0x64, 0xbe, 0x9e, 0x41, 0xd0, 0x8b, 0xd3, 0x1b, 0x9a, 0x53, 0xd3, 0x71, 0x77, + 0x8b, 0xf6, 0xde, 0x6b, 0xf1, 0x9c, 0x17, 0x52, 0xf5, 0xe6, 0xdd, 0x30, 0x22, 0xf3, 0xfb, 0x5d, + 0x0a, 0x5d, 0xbc, 0xae, 0x69, 0xc8, 0x41, 0x42, 0x82, 0xd8, 0x0b, 0x83, 0xf8, 0x65, 0xaa, 0x02, + 0x89, 0xf6, 0x49, 0x64, 0xbe, 0x9e, 0x41, 0xd0, 0x8b, 0xd3, 0xab, 0x9a, 0x53, 0xd3, 0x71, 0x77, 0xbd, 0x80, 0x44, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xaf, 0xa7, 0xe6, 0xfb, 0x3d, 0x15, 0xb5, - 0x83, 0xc4, 0x6b, 0x92, 0xae, 0x07, 0x3e, 0x72, 0xdc, 0x03, 0xb1, 0xbb, 0x4b, 0x9a, 0x4e, 0xf6, - 0x39, 0xfb, 0x1e, 0x4c, 0x2e, 0xdc, 0xd9, 0x5a, 0x68, 0x27, 0xbb, 0x8b, 0x61, 0x50, 0xf7, 0x1a, - 0xe8, 0xc3, 0x30, 0xee, 0xfa, 0xed, 0x38, 0x21, 0xd1, 0xba, 0xd3, 0x24, 0x33, 0xd6, 0x65, 
0xeb, - 0x95, 0x4a, 0xf5, 0xdc, 0x77, 0x0e, 0x67, 0x9f, 0x39, 0x3a, 0x9c, 0x1d, 0x5f, 0xd4, 0x28, 0x6c, - 0xd2, 0xa1, 0x1f, 0x85, 0xb1, 0x28, 0xf4, 0xc9, 0x02, 0x5e, 0x9f, 0x29, 0xb0, 0x47, 0xce, 0x88, - 0x47, 0xc6, 0x30, 0x07, 0x63, 0x89, 0xb7, 0x7f, 0xbf, 0x00, 0xb0, 0xd0, 0x6a, 0x6d, 0x46, 0xe1, - 0x5d, 0xe2, 0x26, 0xe8, 0xd3, 0x50, 0xa6, 0xad, 0x50, 0x73, 0x12, 0x87, 0x49, 0x1b, 0xbf, 0xf2, - 0x97, 0xe7, 0xf8, 0xcb, 0xcc, 0x99, 0x2f, 0xa3, 0xfb, 0x00, 0xa5, 0x9e, 0xdb, 0x7f, 0x7d, 0x6e, - 0x63, 0x87, 0x3e, 0xbf, 0x46, 0x12, 0xa7, 0x8a, 0x84, 0x30, 0xd0, 0x30, 0xac, 0xb8, 0xa2, 0x00, - 0x46, 0xe2, 0x16, 0x71, 0x99, 0x62, 0xe3, 0x57, 0x56, 0xe7, 0x4e, 0xd2, 0xd9, 0xe6, 0xb4, 0xe6, - 0x5b, 0x2d, 0xe2, 0x56, 0x27, 0x84, 0xe4, 0x11, 0xfa, 0x0f, 0x33, 0x39, 0x68, 0x1f, 0x46, 0xe3, - 0xc4, 0x49, 0xda, 0xf1, 0x4c, 0x91, 0x49, 0x5c, 0xcf, 0x4d, 0x22, 0xe3, 0x5a, 0x9d, 0x12, 0x32, - 0x47, 0xf9, 0x7f, 0x2c, 0xa4, 0xd9, 0xff, 0xc5, 0x82, 0x29, 0x4d, 0xbc, 0xea, 0xc5, 0x09, 0xfa, - 0x99, 0xae, 0xc6, 0x9d, 0x1b, 0xac, 0x71, 0xe9, 0xd3, 0xac, 0x69, 0xcf, 0x0a, 0x61, 0x65, 0x09, - 0x31, 0x1a, 0xb6, 0x09, 0x25, 0x2f, 0x21, 0xcd, 0x78, 0xa6, 0x70, 0xb9, 0xf8, 0xca, 0xf8, 0x95, - 0xeb, 0x79, 0xbd, 0x67, 0x75, 0x52, 0x08, 0x2d, 0xad, 0x50, 0xf6, 0x98, 0x4b, 0xb1, 0x7f, 0x6b, - 0xc2, 0x7c, 0x3f, 0xda, 0xe0, 0xe8, 0x75, 0x18, 0x8f, 0xc3, 0x76, 0xe4, 0x12, 0x4c, 0x5a, 0x61, - 0x3c, 0x63, 0x5d, 0x2e, 0xd2, 0xae, 0x47, 0x7b, 0xea, 0x96, 0x06, 0x63, 0x93, 0x06, 0x7d, 0xd9, - 0x82, 0x89, 0x1a, 0x89, 0x13, 0x2f, 0x60, 0xf2, 0xa5, 0xf2, 0xdb, 0x27, 0x56, 0x5e, 0x02, 0x97, - 0x34, 0xf3, 0xea, 0x79, 0xf1, 0x22, 0x13, 0x06, 0x30, 0xc6, 0x29, 0xf9, 0x74, 0xc4, 0xd5, 0x48, - 0xec, 0x46, 0x5e, 0x8b, 0xfe, 0x67, 0x7d, 0xc6, 0x18, 0x71, 0x4b, 0x1a, 0x85, 0x4d, 0x3a, 0x14, - 0x40, 0x89, 0x8e, 0xa8, 0x78, 0x66, 0x84, 0xe9, 0xbf, 0x72, 0x32, 0xfd, 0x45, 0xa3, 0xd2, 0xc1, - 0xaa, 0x5b, 0x9f, 0xfe, 0x8b, 0x31, 0x17, 0x83, 0xbe, 0x64, 0xc1, 0x8c, 0x18, 0xf1, 0x98, 0xf0, - 0x06, 0xbd, 0xb3, 0xeb, 0x25, 
0xc4, 0xf7, 0xe2, 0x64, 0xa6, 0xc4, 0x74, 0x98, 0x1f, 0xac, 0x6f, - 0x2d, 0x47, 0x61, 0xbb, 0x75, 0xd3, 0x0b, 0x6a, 0xd5, 0xcb, 0x42, 0xd2, 0xcc, 0x62, 0x1f, 0xc6, - 0xb8, 0xaf, 0x48, 0xf4, 0x75, 0x0b, 0x2e, 0x06, 0x4e, 0x93, 0xc4, 0x2d, 0x87, 0x7e, 0x5a, 0x8e, - 0xae, 0xfa, 0x8e, 0xbb, 0xc7, 0x34, 0x1a, 0x7d, 0x34, 0x8d, 0x6c, 0xa1, 0xd1, 0xc5, 0xf5, 0xbe, - 0xac, 0xf1, 0x43, 0xc4, 0xa2, 0x5f, 0xb7, 0x60, 0x3a, 0x8c, 0x5a, 0xbb, 0x4e, 0x40, 0x6a, 0x12, - 0x1b, 0xcf, 0x8c, 0xb1, 0xa1, 0xf7, 0xc9, 0x93, 0x7d, 0xa2, 0x8d, 0x2c, 0xdb, 0xb5, 0x30, 0xf0, - 0x92, 0x30, 0xda, 0x22, 0x49, 0xe2, 0x05, 0x8d, 0xb8, 0x7a, 0xe1, 0xe8, 0x70, 0x76, 0xba, 0x8b, - 0x0a, 0x77, 0xeb, 0x83, 0x7e, 0x16, 0xc6, 0xe3, 0x4e, 0xe0, 0xde, 0xf1, 0x82, 0x5a, 0x78, 0x3f, - 0x9e, 0x29, 0xe7, 0x31, 0x7c, 0xb7, 0x14, 0x43, 0x31, 0x00, 0xb5, 0x00, 0x6c, 0x4a, 0xeb, 0xfd, - 0xe1, 0x74, 0x57, 0xaa, 0xe4, 0xfd, 0xe1, 0x74, 0x67, 0x7a, 0x88, 0x58, 0xf4, 0xab, 0x16, 0x4c, - 0xc6, 0x5e, 0x23, 0x70, 0x92, 0x76, 0x44, 0x6e, 0x92, 0x4e, 0x3c, 0x03, 0x4c, 0x91, 0x1b, 0x27, - 0x6c, 0x15, 0x83, 0x65, 0xf5, 0x82, 0xd0, 0x71, 0xd2, 0x84, 0xc6, 0x38, 0x2d, 0xb7, 0xd7, 0x40, - 0xd3, 0xdd, 0x7a, 0x3c, 0xdf, 0x81, 0xa6, 0x3b, 0x75, 0x5f, 0x91, 0xe8, 0xa7, 0xe0, 0x2c, 0x07, - 0xa9, 0x96, 0x8d, 0x67, 0x26, 0x98, 0xa1, 0x3d, 0x7f, 0x74, 0x38, 0x7b, 0x76, 0x2b, 0x83, 0xc3, - 0x5d, 0xd4, 0xe8, 0x1e, 0xcc, 0xb6, 0x48, 0xd4, 0xf4, 0x92, 0x8d, 0xc0, 0xef, 0x48, 0xf3, 0xed, - 0x86, 0x2d, 0x52, 0x13, 0xea, 0xc4, 0x33, 0x93, 0x97, 0xad, 0x57, 0xca, 0xd5, 0x0f, 0x0a, 0x35, - 0x67, 0x37, 0x1f, 0x4e, 0x8e, 0x8f, 0xe3, 0x67, 0xff, 0x9b, 0x02, 0x9c, 0xcd, 0x4e, 0x9c, 0xe8, - 0x37, 0x2d, 0x38, 0x73, 0xf7, 0x7e, 0xb2, 0x1d, 0xee, 0x91, 0x20, 0xae, 0x76, 0xa8, 0x79, 0x63, - 0x53, 0xc6, 0xf8, 0x15, 0x37, 0xdf, 0x29, 0x7a, 0xee, 0x46, 0x5a, 0xca, 0xd5, 0x20, 0x89, 0x3a, - 0xd5, 0xe7, 0xc4, 0xdb, 0x9d, 0xb9, 0x71, 0x67, 0xdb, 0xc4, 0xe2, 0xac, 0x52, 0x17, 0xbf, 0x60, - 0xc1, 0xf9, 0x5e, 0x2c, 0xd0, 0x59, 0x28, 0xee, 0x91, 0x0e, 0xf7, 
0xca, 0x30, 0xfd, 0x89, 0x3e, - 0x01, 0xa5, 0x7d, 0xc7, 0x6f, 0x13, 0xe1, 0xdd, 0x2c, 0x9f, 0xec, 0x45, 0x94, 0x66, 0x98, 0x73, - 0xfd, 0xf1, 0xc2, 0x9b, 0x96, 0xfd, 0xef, 0x8b, 0x30, 0x6e, 0xcc, 0x6f, 0x8f, 0xc1, 0x63, 0x0b, - 0x53, 0x1e, 0xdb, 0x5a, 0x6e, 0x53, 0x73, 0x5f, 0x97, 0xed, 0x7e, 0xc6, 0x65, 0xdb, 0xc8, 0x4f, - 0xe4, 0x43, 0x7d, 0x36, 0x94, 0x40, 0x25, 0x6c, 0x51, 0x8f, 0x9c, 0x4e, 0xfd, 0x23, 0x79, 0x7c, - 0xc2, 0x0d, 0xc9, 0xae, 0x3a, 0x79, 0x74, 0x38, 0x5b, 0x51, 0x7f, 0xb1, 0x16, 0x64, 0x7f, 0xcf, - 0x82, 0xf3, 0x86, 0x8e, 0x8b, 0x61, 0x50, 0xf3, 0xd8, 0xa7, 0xbd, 0x0c, 0x23, 0x49, 0xa7, 0x25, - 0xdd, 0x7e, 0xd5, 0x52, 0xdb, 0x9d, 0x16, 0xc1, 0x0c, 0x43, 0x1d, 0xfd, 0x26, 0x89, 0x63, 0xa7, - 0x41, 0xb2, 0x8e, 0xfe, 0x1a, 0x07, 0x63, 0x89, 0x47, 0x11, 0x20, 0xdf, 0x89, 0x93, 0xed, 0xc8, - 0x09, 0x62, 0xc6, 0x7e, 0xdb, 0x6b, 0x12, 0xd1, 0xc0, 0x7f, 0x69, 0xb0, 0x1e, 0x43, 0x9f, 0xa8, - 0x3e, 0x7b, 0x74, 0x38, 0x8b, 0x56, 0xbb, 0x38, 0xe1, 0x1e, 0xdc, 0xed, 0xaf, 0x5b, 0xf0, 0x6c, - 0x6f, 0x5f, 0x0c, 0x7d, 0x00, 0x46, 0xf9, 0xea, 0x4d, 0xbc, 0x9d, 0xfe, 0x24, 0x0c, 0x8a, 0x05, - 0x16, 0xcd, 0x43, 0x45, 0xcd, 0x13, 0xe2, 0x1d, 0xa7, 0x05, 0x69, 0x45, 0x4f, 0x2e, 0x9a, 0x86, - 0x36, 0x1a, 0xfd, 0x23, 0x3c, 0x37, 0xd5, 0x68, 0x6c, 0x91, 0xc4, 0x30, 0xf6, 0x1f, 0x59, 0x70, - 0xc6, 0xd0, 0xea, 0x31, 0xb8, 0xe6, 0x41, 0xda, 0x35, 0x5f, 0xc9, 0xad, 0x3f, 0xf7, 0xf1, 0xcd, - 0x8f, 0x0a, 0xcc, 0x37, 0x57, 0xbd, 0x9e, 0x3c, 0x8e, 0x85, 0x5d, 0x94, 0x32, 0x13, 0x9b, 0xf9, - 0x8d, 0x59, 0xd2, 0x7f, 0x71, 0xf7, 0x5e, 0xc6, 0x52, 0xe0, 0x5c, 0xa5, 0x3e, 0x7c, 0x81, 0xf7, - 0x27, 0x05, 0x78, 0x2e, 0xfd, 0x80, 0x1e, 0xb9, 0x1f, 0x4d, 0x8d, 0xdc, 0x0f, 0x99, 0x23, 0xf7, - 0xc1, 0xe1, 0xec, 0x0b, 0x7d, 0x1e, 0xfb, 0x0b, 0x33, 0xb0, 0xd1, 0xb2, 0x6a, 0xf7, 0x11, 0xa6, - 0xdd, 0x7c, 0xba, 0x8d, 0x1e, 0x1c, 0xce, 0xbe, 0xd4, 0xe7, 0x1d, 0x33, 0x16, 0xf7, 0x03, 0x30, - 0x1a, 0x11, 0x27, 0x0e, 0x83, 0x99, 0x52, 0xda, 0x0c, 0x60, 0x06, 0xc5, 0x02, 0x6b, 0xff, 0x51, - 0x39, 
0xdb, 0xd8, 0xcb, 0x7c, 0xef, 0x24, 0x8c, 0x90, 0x07, 0x23, 0xcc, 0x1b, 0xe3, 0xdd, 0xfa, - 0xe6, 0xc9, 0xba, 0x00, 0x1d, 0xbd, 0x8a, 0x75, 0xb5, 0x4c, 0xbf, 0x1a, 0x05, 0x61, 0x26, 0x02, - 0x1d, 0x40, 0xd9, 0x95, 0x4e, 0x52, 0x21, 0x8f, 0xed, 0x04, 0xe1, 0x22, 0x69, 0x89, 0x13, 0xd4, - 0x84, 0x28, 0xcf, 0x4a, 0x49, 0x43, 0x04, 0x8a, 0x0d, 0x2f, 0x11, 0x9f, 0xf5, 0x84, 0x6e, 0xf0, - 0xb2, 0x67, 0xbc, 0xe2, 0xd8, 0xd1, 0xe1, 0x6c, 0x71, 0xd9, 0x4b, 0x30, 0xe5, 0x8f, 0x7e, 0xc5, - 0x82, 0xf1, 0xd8, 0x6d, 0x6e, 0x46, 0xe1, 0xbe, 0x57, 0x23, 0x91, 0x98, 0x04, 0x4f, 0x38, 0xac, - 0xb6, 0x16, 0xd7, 0x24, 0x43, 0x2d, 0x97, 0x2f, 0x4b, 0x34, 0x06, 0x9b, 0x72, 0xa9, 0x73, 0xf8, - 0x9c, 0x78, 0xf7, 0x25, 0xe2, 0x7a, 0x31, 0x9d, 0x32, 0x85, 0x2f, 0xcc, 0x7a, 0xca, 0x89, 0x9d, - 0x82, 0xa5, 0xb6, 0xbb, 0x47, 0xc7, 0x9b, 0x56, 0xe8, 0x85, 0xa3, 0xc3, 0xd9, 0xe7, 0x16, 0x7b, - 0xcb, 0xc4, 0xfd, 0x94, 0x61, 0x0d, 0xd6, 0x6a, 0xfb, 0x3e, 0x26, 0xf7, 0xda, 0x84, 0xad, 0x74, - 0x73, 0x68, 0xb0, 0x4d, 0xcd, 0x30, 0xd3, 0x60, 0x06, 0x06, 0x9b, 0x72, 0xd1, 0x3d, 0x18, 0x6d, - 0x3a, 0x49, 0xe4, 0x1d, 0x88, 0xe5, 0xed, 0x09, 0xdd, 0xb4, 0x35, 0xc6, 0x4b, 0x0b, 0x07, 0x3a, - 0x26, 0x39, 0x10, 0x0b, 0x41, 0xa8, 0x09, 0xa5, 0x26, 0x89, 0x1a, 0x64, 0xa6, 0x9c, 0xc7, 0x56, - 0xde, 0x1a, 0x65, 0xa5, 0x05, 0x56, 0xe8, 0xa4, 0xc6, 0x60, 0x98, 0x4b, 0x41, 0x9f, 0x80, 0x72, - 0x4c, 0x7c, 0xe2, 0x26, 0x61, 0x34, 0x53, 0x61, 0x12, 0x7f, 0x6c, 0xc0, 0x29, 0xda, 0xd9, 0x21, - 0xfe, 0x96, 0x78, 0x94, 0x0f, 0x30, 0xf9, 0x0f, 0x2b, 0x96, 0xf6, 0x7f, 0xb3, 0x00, 0xa5, 0x2d, - 0xcc, 0x63, 0x70, 0x0c, 0xee, 0xa5, 0x1d, 0x83, 0xd5, 0x3c, 0xa7, 0xaf, 0x3e, 0xbe, 0xc1, 0x77, - 0xca, 0x90, 0xb1, 0xcd, 0xeb, 0x24, 0x4e, 0x48, 0xed, 0x7d, 0x7b, 0xfa, 0xbe, 0x3d, 0x7d, 0xdf, - 0x9e, 0x2a, 0x7b, 0xba, 0x93, 0xb1, 0xa7, 0x6f, 0x1b, 0xa3, 0x5e, 0xc7, 0x98, 0x3e, 0xa5, 0x82, - 0x50, 0xa6, 0x06, 0x06, 0x01, 0xb5, 0x04, 0x37, 0xb6, 0x36, 0xd6, 0x7b, 0x1a, 0xd0, 0x4f, 0xa5, - 0x0d, 0xe8, 0x49, 0x45, 0x3c, 0x76, 0x93, 
0x79, 0x54, 0xcc, 0x9a, 0x4c, 0x16, 0x06, 0xb8, 0x02, - 0xd0, 0x08, 0xb7, 0x49, 0xb3, 0xe5, 0x3b, 0x09, 0x77, 0x81, 0xcb, 0x7a, 0xe9, 0xb0, 0xac, 0x30, - 0xd8, 0xa0, 0x42, 0x7f, 0xdd, 0x02, 0x68, 0xc8, 0x4f, 0x23, 0xcd, 0xe1, 0xad, 0x3c, 0xcd, 0xa1, - 0xfe, 0xf0, 0x5a, 0x17, 0x25, 0x10, 0x1b, 0xc2, 0xd1, 0xe7, 0x2c, 0x28, 0x27, 0x52, 0x7d, 0x6e, - 0x20, 0xb6, 0xf3, 0xd4, 0x44, 0xbe, 0xb4, 0x9e, 0x19, 0x54, 0x93, 0x28, 0xb9, 0xe8, 0xaf, 0x59, - 0x00, 0x71, 0x27, 0x70, 0x37, 0x43, 0xdf, 0x73, 0x3b, 0xc2, 0x6e, 0xdc, 0xce, 0x75, 0x79, 0xa3, - 0xb8, 0x57, 0xa7, 0x68, 0x6b, 0xe8, 0xff, 0xd8, 0x90, 0x6c, 0x7f, 0x2b, 0xbd, 0x3b, 0xa1, 0xd6, - 0x45, 0xec, 0x93, 0xb9, 0xd2, 0xad, 0x8f, 0xc5, 0xd6, 0x5d, 0xae, 0x9f, 0x4c, 0x2d, 0x1a, 0xf4, - 0x27, 0x53, 0xa0, 0x18, 0x1b, 0xc2, 0xed, 0xcf, 0x5a, 0x30, 0xd3, 0xef, 0xed, 0x10, 0x81, 0x17, - 0x5a, 0x11, 0x61, 0x63, 0x48, 0x6d, 0xba, 0x6f, 0x04, 0x4b, 0xc4, 0x27, 0x6c, 0x9f, 0x87, 0x77, - 0xd0, 0x97, 0x85, 0x84, 0x17, 0x36, 0xfb, 0x93, 0xe2, 0x87, 0xf1, 0xb1, 0x7f, 0xa3, 0x90, 0xda, - 0xec, 0x30, 0x3e, 0x34, 0xfa, 0x86, 0xd5, 0xe5, 0x45, 0xfc, 0xf4, 0x69, 0xf4, 0x28, 0xe6, 0x6f, - 0xa8, 0xbd, 0xf7, 0xfe, 0x34, 0x4f, 0x70, 0x73, 0xcf, 0xfe, 0x77, 0x23, 0xf0, 0x10, 0xcd, 0xd4, - 0xf6, 0x8d, 0xd5, 0x6f, 0xfb, 0x66, 0xf8, 0x1d, 0xa1, 0x2f, 0x5a, 0x30, 0xea, 0x53, 0x83, 0x16, - 0xcf, 0x14, 0x59, 0x27, 0xad, 0x9d, 0x56, 0xdb, 0x73, 0xbb, 0x19, 0xf3, 0x0d, 0x66, 0xb5, 0x94, - 0xe5, 0x40, 0x2c, 0x74, 0x40, 0xdf, 0xb4, 0x60, 0xdc, 0x09, 0x82, 0x30, 0x11, 0x11, 0x4f, 0x1e, - 0x31, 0xf4, 0x4e, 0x4d, 0xa7, 0x05, 0x2d, 0x8b, 0x2b, 0xa6, 0xa2, 0x99, 0x06, 0x06, 0x9b, 0x2a, - 0xa1, 0x39, 0x80, 0xba, 0x17, 0x38, 0xbe, 0xf7, 0x1e, 0x75, 0xcc, 0x4a, 0x2c, 0xbc, 0xc0, 0x6c, - 0xc4, 0x35, 0x05, 0xc5, 0x06, 0xc5, 0xc5, 0xbf, 0x0a, 0xe3, 0xc6, 0x9b, 0xf7, 0xd8, 0x17, 0x3f, - 0x6f, 0xee, 0x8b, 0x57, 0x8c, 0xed, 0xec, 0x8b, 0x6f, 0xc3, 0xd9, 0xac, 0x82, 0xc3, 0x3c, 0x6f, - 0xff, 0xe6, 0x28, 0xcc, 0x66, 0x5f, 0x3e, 0x6a, 0x52, 0xd5, 0xde, 0x77, 0x68, 
0xdf, 0x77, 0x68, - 0xdf, 0x77, 0x68, 0xe5, 0x1f, 0xfb, 0x77, 0x4b, 0x30, 0x6d, 0x0e, 0x14, 0xae, 0xdd, 0x8f, 0xc2, - 0x58, 0x44, 0x5a, 0xe1, 0x2d, 0xbc, 0x2a, 0x2c, 0xae, 0xce, 0x14, 0xe2, 0x60, 0x2c, 0xf1, 0xd4, - 0x32, 0xb7, 0x9c, 0x64, 0x57, 0x98, 0x5c, 0x65, 0x99, 0x37, 0x9d, 0x64, 0x17, 0x33, 0x0c, 0x7a, - 0x1b, 0xa6, 0x12, 0x27, 0x6a, 0x90, 0x04, 0x93, 0x7d, 0xd6, 0x08, 0x62, 0x77, 0xf0, 0x59, 0x41, - 0x3b, 0xb5, 0x9d, 0xc2, 0xe2, 0x0c, 0x35, 0xba, 0x07, 0x23, 0xbb, 0xc4, 0x6f, 0x0a, 0x8f, 0x7b, - 0x2b, 0x3f, 0x8b, 0xc8, 0xde, 0xf5, 0x3a, 0xf1, 0x9b, 0x7c, 0xbc, 0xd2, 0x5f, 0x98, 0x89, 0xa2, - 0x5f, 0xa7, 0xb2, 0xd7, 0x8e, 0x93, 0xb0, 0xe9, 0xbd, 0x27, 0xfd, 0xf0, 0x9f, 0xce, 0x59, 0xf0, - 0x4d, 0xc9, 0x9f, 0xc7, 0x80, 0xd4, 0x5f, 0xac, 0x25, 0x33, 0x3d, 0x6a, 0x5e, 0xc4, 0xfc, 0xea, - 0xce, 0x0c, 0x9c, 0x8a, 0x1e, 0x4b, 0x92, 0x3f, 0xd7, 0x43, 0xfd, 0xc5, 0x5a, 0x32, 0xea, 0xc0, - 0x68, 0xcb, 0x6f, 0x37, 0xbc, 0x60, 0x66, 0x9c, 0xe9, 0x70, 0x2b, 0x67, 0x1d, 0x36, 0x19, 0x73, - 0xbe, 0x1a, 0xe2, 0xbf, 0xb1, 0x10, 0x88, 0x5e, 0x86, 0x92, 0xbb, 0xeb, 0x44, 0xc9, 0xcc, 0x04, - 0xeb, 0x34, 0x6a, 0xf7, 0x62, 0x91, 0x02, 0x31, 0xc7, 0xd9, 0x7f, 0xaf, 0x90, 0xf6, 0x1e, 0xd2, - 0x2f, 0xc6, 0xbb, 0xb3, 0xdb, 0x8e, 0x62, 0xb9, 0xee, 0x30, 0xba, 0x33, 0x03, 0x63, 0x89, 0x47, - 0x9f, 0xb5, 0x60, 0xec, 0x6e, 0x1c, 0x06, 0x01, 0x49, 0x84, 0xa5, 0xbe, 0x9d, 0xf3, 0xbb, 0xde, - 0xe0, 0xdc, 0xb5, 0x0e, 0x02, 0x80, 0xa5, 0x5c, 0xaa, 0x2e, 0x39, 0x70, 0xfd, 0x76, 0x4d, 0x86, - 0xab, 0x14, 0xe9, 0x55, 0x0e, 0xc6, 0x12, 0x4f, 0x49, 0xbd, 0x80, 0x93, 0x8e, 0xa4, 0x49, 0x57, - 0x02, 0x41, 0x2a, 0xf0, 0xf6, 0x3f, 0x2e, 0xc1, 0x85, 0x9e, 0xbd, 0x9f, 0xce, 0xeb, 0x6c, 0xe6, - 0xbc, 0xe6, 0xf9, 0x44, 0xe6, 0x67, 0xb1, 0x79, 0xfd, 0xb6, 0x82, 0x62, 0x83, 0x02, 0xfd, 0x22, - 0x40, 0xcb, 0x89, 0x9c, 0x26, 0x11, 0xf3, 0x59, 0xf1, 0xe4, 0xd3, 0x27, 0xd5, 0x63, 0x53, 0xf2, - 0xd4, 0x7e, 0xbd, 0x02, 0xc5, 0xd8, 0x10, 0x89, 0x3e, 0x0c, 0xe3, 0x11, 0xf1, 0x89, 0x13, 0xb3, - 0x04, 0x86, 0x6c, 
0x36, 0x16, 0xd6, 0x28, 0x6c, 0xd2, 0xa1, 0x0f, 0xc0, 0x28, 0x7b, 0x0b, 0x19, - 0x9e, 0x50, 0xae, 0x18, 0x7b, 0xcf, 0x18, 0x0b, 0x2c, 0xfa, 0x8a, 0x05, 0x53, 0x75, 0xcf, 0x27, - 0x5a, 0xba, 0xc8, 0x9d, 0xda, 0x38, 0xf9, 0x4b, 0x5e, 0x33, 0xf9, 0x6a, 0x13, 0x98, 0x02, 0xc7, - 0x38, 0x23, 0x9e, 0x7e, 0xe6, 0x7d, 0x12, 0x31, 0xdb, 0x39, 0x9a, 0xfe, 0xcc, 0xb7, 0x39, 0x18, - 0x4b, 0x3c, 0x5a, 0x80, 0x33, 0x2d, 0x27, 0x8e, 0x17, 0x23, 0x52, 0x23, 0x41, 0xe2, 0x39, 0x3e, - 0xcf, 0x6c, 0x2a, 0xeb, 0xcc, 0x86, 0xcd, 0x34, 0x1a, 0x67, 0xe9, 0xd1, 0xc7, 0xe0, 0x39, 0xaf, - 0x11, 0x84, 0x11, 0x59, 0xf3, 0xe2, 0xd8, 0x0b, 0x1a, 0xba, 0x1b, 0x30, 0x53, 0x58, 0xae, 0xce, - 0x0a, 0x56, 0xcf, 0xad, 0xf4, 0x26, 0xc3, 0xfd, 0x9e, 0x47, 0xaf, 0x42, 0x39, 0xde, 0xf3, 0x5a, - 0x8b, 0x51, 0x2d, 0x66, 0x5b, 0x0f, 0x65, 0xbd, 0xda, 0xdd, 0x12, 0x70, 0xac, 0x28, 0xec, 0x5f, - 0x2b, 0xa4, 0xd7, 0x6f, 0xe6, 0xf8, 0x41, 0x31, 0x1d, 0x25, 0xc9, 0x6d, 0x27, 0x92, 0x8b, 0xcc, - 0x13, 0xe6, 0x46, 0x09, 0xbe, 0xb7, 0x9d, 0xc8, 0x1c, 0x6f, 0x4c, 0x00, 0x96, 0x92, 0xd0, 0x5d, - 0x18, 0x49, 0x7c, 0x27, 0xa7, 0x64, 0x4a, 0x43, 0xa2, 0x8e, 0xe2, 0xaf, 0x2e, 0xc4, 0x98, 0xc9, - 0x40, 0x2f, 0x52, 0xff, 0x74, 0x87, 0xaf, 0x4e, 0x2a, 0xd2, 0xa5, 0xdc, 0x89, 0x31, 0x83, 0xda, - 0xff, 0x6b, 0xb4, 0x87, 0xc9, 0x53, 0x93, 0x08, 0xba, 0x02, 0x40, 0x97, 0x3a, 0x9b, 0x11, 0xa9, - 0x7b, 0x07, 0x62, 0x12, 0x57, 0xc3, 0x6a, 0x5d, 0x61, 0xb0, 0x41, 0x25, 0x9f, 0xd9, 0x6a, 0xd7, - 0xe9, 0x33, 0x85, 0xee, 0x67, 0x38, 0x06, 0x1b, 0x54, 0xe8, 0x0d, 0x18, 0xf5, 0x9a, 0x4e, 0x83, - 0x48, 0x35, 0x5f, 0xa4, 0xe3, 0x69, 0x85, 0x41, 0x1e, 0x1c, 0xce, 0x4e, 0x29, 0x85, 0x18, 0x08, - 0x0b, 0x5a, 0xf4, 0x1b, 0x16, 0x4c, 0xb8, 0x61, 0xb3, 0x19, 0x06, 0x7c, 0x81, 0x20, 0x56, 0x3b, - 0x77, 0x4f, 0x6b, 0x8a, 0x9d, 0x5b, 0x34, 0x84, 0xf1, 0xe5, 0x8e, 0xca, 0xfa, 0x34, 0x51, 0x38, - 0xa5, 0x95, 0x39, 0xec, 0x4a, 0xc7, 0x0c, 0xbb, 0x7f, 0x66, 0xc1, 0x34, 0x7f, 0xd6, 0x58, 0xb7, - 0x88, 0x04, 0xc7, 0xf0, 0x94, 0x5f, 0xab, 0x6b, 0x29, 
0xf7, 0xbc, 0x50, 0x73, 0xba, 0x0b, 0x8f, - 0xbb, 0x95, 0x44, 0xcb, 0x30, 0x5d, 0x0f, 0x23, 0x97, 0x98, 0x0d, 0x21, 0x6c, 0x86, 0x62, 0x74, - 0x2d, 0x4b, 0x80, 0xbb, 0x9f, 0x41, 0xb7, 0xe1, 0x59, 0x03, 0x68, 0xb6, 0x03, 0x37, 0x1b, 0x97, - 0x04, 0xb7, 0x67, 0xaf, 0xf5, 0xa4, 0xc2, 0x7d, 0x9e, 0xbe, 0xf8, 0x51, 0x98, 0xee, 0xfa, 0x7e, - 0x43, 0xad, 0x26, 0x97, 0xe0, 0xd9, 0xde, 0x2d, 0x35, 0xd4, 0x9a, 0xf2, 0xef, 0x58, 0xe9, 0x60, - 0xb3, 0xe1, 0xb9, 0x0c, 0xb0, 0x3f, 0xe1, 0x40, 0x91, 0x04, 0xfb, 0xc2, 0x70, 0x5c, 0x3b, 0x59, - 0x8f, 0xb8, 0x1a, 0xec, 0xf3, 0x0f, 0xcd, 0x16, 0x61, 0x57, 0x83, 0x7d, 0x4c, 0x79, 0xdb, 0x7f, - 0x73, 0x34, 0x95, 0xc1, 0xb2, 0x25, 0x93, 0xa6, 0xf8, 0xf2, 0xc7, 0xca, 0x3b, 0x69, 0x8a, 0xa7, - 0x20, 0xea, 0x3c, 0x08, 0xbe, 0xe2, 0x11, 0xe2, 0xd0, 0x17, 0x2c, 0x96, 0x32, 0x2d, 0x33, 0x7b, - 0x84, 0x33, 0x75, 0x3a, 0x19, 0xdc, 0x66, 0x22, 0xb6, 0x04, 0x62, 0x53, 0x3a, 0x1d, 0xc9, 0x2d, - 0x9e, 0xfc, 0x97, 0x75, 0xa9, 0x64, 0x52, 0xb5, 0xc4, 0xa3, 0x83, 0x1e, 0x3b, 0xac, 0x39, 0xa4, - 0xdd, 0x1e, 0xbf, 0xa7, 0x8a, 0xbe, 0x69, 0xc1, 0x34, 0x9f, 0x38, 0x97, 0xbc, 0x7a, 0x9d, 0x44, - 0x24, 0x70, 0x89, 0x74, 0x3d, 0xee, 0x9c, 0x4c, 0x03, 0xb9, 0xee, 0x5c, 0xc9, 0xb2, 0xd7, 0x43, - 0xbc, 0x0b, 0x85, 0xbb, 0x95, 0x41, 0x35, 0x18, 0xf1, 0x82, 0x7a, 0x28, 0x0c, 0x5b, 0xf5, 0x64, - 0x4a, 0xad, 0x04, 0xf5, 0x50, 0x8f, 0x15, 0xfa, 0x0f, 0x33, 0xee, 0x68, 0x15, 0xce, 0x47, 0x62, - 0xf5, 0x77, 0xdd, 0x8b, 0xa9, 0x0b, 0xbf, 0xea, 0x35, 0xbd, 0x84, 0x19, 0xa5, 0x62, 0x75, 0xe6, - 0xe8, 0x70, 0xf6, 0x3c, 0xee, 0x81, 0xc7, 0x3d, 0x9f, 0xb2, 0xff, 0xbc, 0x92, 0x5e, 0xe2, 0xf2, - 0x7d, 0xea, 0x9f, 0x87, 0x4a, 0xa4, 0x72, 0xbf, 0xad, 0x3c, 0xe2, 0xac, 0xb2, 0x8d, 0x45, 0x82, - 0x90, 0xda, 0x7d, 0xd4, 0x59, 0xde, 0x5a, 0x22, 0x75, 0x24, 0xe8, 0x97, 0x17, 0xc3, 0x22, 0x87, - 0xfe, 0x25, 0xa4, 0xea, 0xbd, 0xd5, 0x4e, 0xe0, 0x62, 0x26, 0x03, 0x45, 0x30, 0xba, 0x4b, 0x1c, - 0x3f, 0xd9, 0xcd, 0x67, 0x1b, 0xe8, 0x3a, 0xe3, 0x95, 0x4d, 0x83, 0xe2, 0x50, 0x2c, 0x24, 
0xa1, - 0x03, 0x18, 0xdb, 0xe5, 0x1f, 0x41, 0xcc, 0xed, 0x6b, 0x27, 0x6d, 0xdc, 0xd4, 0x97, 0xd5, 0xe3, - 0x57, 0x00, 0xb0, 0x14, 0xc7, 0x42, 0x24, 0x46, 0x00, 0x82, 0x0f, 0x9f, 0xfc, 0x32, 0xc0, 0x06, - 0x8e, 0x3e, 0xa0, 0x4f, 0xc3, 0x44, 0x44, 0xdc, 0x30, 0x70, 0x3d, 0x9f, 0xd4, 0x16, 0xe4, 0x16, - 0xcf, 0x30, 0xb9, 0x57, 0x67, 0xa9, 0x7f, 0x82, 0x0d, 0x1e, 0x38, 0xc5, 0x11, 0x7d, 0xde, 0x82, - 0x29, 0x95, 0x30, 0x4a, 0x3f, 0x08, 0x11, 0x9b, 0x24, 0xab, 0x39, 0xa5, 0xa7, 0x32, 0x9e, 0x55, - 0x44, 0x57, 0x28, 0x69, 0x18, 0xce, 0xc8, 0x45, 0xef, 0x02, 0x84, 0x3b, 0x2c, 0x08, 0x42, 0x5f, - 0xb5, 0x3c, 0xf4, 0xab, 0x4e, 0xf1, 0x04, 0x42, 0xc9, 0x01, 0x1b, 0xdc, 0xd0, 0x4d, 0x00, 0x3e, - 0x6c, 0xb6, 0x3b, 0x2d, 0xc2, 0x96, 0x0d, 0x3a, 0x79, 0x0e, 0xb6, 0x14, 0xe6, 0xc1, 0xe1, 0x6c, - 0xf7, 0x02, 0x97, 0x25, 0xcf, 0x19, 0x8f, 0xa3, 0x9f, 0x85, 0xb1, 0xb8, 0xdd, 0x6c, 0x3a, 0x6a, - 0x3f, 0x25, 0xc7, 0x94, 0x44, 0xce, 0x57, 0xf7, 0x4d, 0x01, 0xc0, 0x52, 0x22, 0xba, 0x4b, 0x0d, - 0x5b, 0x2c, 0x56, 0xde, 0x6c, 0x14, 0xf1, 0xb9, 0x79, 0x9c, 0xbd, 0xd3, 0x47, 0xc4, 0x73, 0xe7, - 0x71, 0x0f, 0x9a, 0x07, 0x87, 0xb3, 0xcf, 0xa6, 0xe1, 0xab, 0x21, 0x17, 0x8b, 0x7b, 0xf2, 0xb4, - 0x83, 0x74, 0x14, 0x56, 0x68, 0xf0, 0x06, 0x4c, 0x90, 0x83, 0x84, 0x44, 0x81, 0xe3, 0xdf, 0xc2, - 0xab, 0x72, 0xb5, 0xcf, 0x3a, 0xda, 0x55, 0x03, 0x8e, 0x53, 0x54, 0xc8, 0x56, 0x5e, 0x7e, 0x81, - 0xd1, 0x83, 0xf6, 0xf2, 0xa5, 0x4f, 0x6f, 0xff, 0xdf, 0x42, 0xca, 0xfb, 0xd8, 0x8e, 0x08, 0x41, - 0x21, 0x94, 0x82, 0xb0, 0xa6, 0x0c, 0xec, 0x8d, 0x7c, 0x0c, 0xec, 0x7a, 0x58, 0x33, 0x0e, 0x40, - 0xd1, 0x7f, 0x31, 0xe6, 0x72, 0xd8, 0x09, 0x11, 0x79, 0x94, 0x86, 0x21, 0x84, 0xc3, 0x95, 0xa7, - 0x64, 0x75, 0x42, 0x64, 0xc3, 0x14, 0x84, 0xd3, 0x72, 0xd1, 0x1e, 0x94, 0x76, 0xc3, 0x38, 0x91, - 0xc1, 0xa5, 0x13, 0x7a, 0x7c, 0xd7, 0xc3, 0x38, 0x61, 0xd3, 0xa5, 0x7a, 0x6d, 0x0a, 0x89, 0x31, - 0x97, 0x61, 0xff, 0xb1, 0x95, 0xda, 0xdb, 0xb9, 0xe3, 0x24, 0xee, 0xee, 0xd5, 0x7d, 0x12, 0xd0, - 0xb1, 0x63, 0xa6, 0x9c, 0xfe, 
0x95, 0x4c, 0xca, 0xe9, 0x07, 0xfb, 0x9d, 0x48, 0xbd, 0x4f, 0x39, - 0xcc, 0x31, 0x16, 0x46, 0xfa, 0xe9, 0x67, 0x2c, 0x18, 0x37, 0xd4, 0x13, 0x93, 0x57, 0x8e, 0x79, - 0xcb, 0x3a, 0x06, 0xa5, 0x81, 0xd8, 0x14, 0x69, 0x7f, 0xcd, 0x82, 0xb1, 0xaa, 0xe3, 0xee, 0x85, - 0xf5, 0x3a, 0x7a, 0x15, 0xca, 0xb5, 0xb6, 0x48, 0xcb, 0xe7, 0xef, 0xa7, 0x36, 0x13, 0x96, 0x04, - 0x1c, 0x2b, 0x0a, 0xda, 0x87, 0xeb, 0x0e, 0xcb, 0x79, 0x28, 0x30, 0x37, 0x82, 0xf5, 0xe1, 0x6b, - 0x0c, 0x82, 0x05, 0x06, 0x7d, 0x18, 0xc6, 0x9b, 0xce, 0x81, 0x7c, 0x38, 0xbb, 0xb1, 0xb4, 0xa6, - 0x51, 0xd8, 0xa4, 0xb3, 0xff, 0xb5, 0x05, 0x33, 0x55, 0x27, 0xf6, 0xdc, 0x85, 0x76, 0xb2, 0x5b, - 0xf5, 0x92, 0x9d, 0xb6, 0xbb, 0x47, 0x12, 0x9e, 0xb2, 0x4e, 0xb5, 0x6c, 0xc7, 0x74, 0x28, 0xa9, - 0xe5, 0x81, 0xd2, 0xf2, 0x96, 0x80, 0x63, 0x45, 0x81, 0xde, 0x83, 0xf1, 0x96, 0x13, 0xc7, 0xf7, - 0xc3, 0xa8, 0x86, 0x49, 0x3d, 0x9f, 0x03, 0x23, 0x5b, 0xc4, 0x8d, 0x48, 0x82, 0x49, 0x5d, 0xc4, - 0x02, 0x34, 0x7f, 0x6c, 0x0a, 0xb3, 0x7f, 0xbb, 0x02, 0x63, 0x22, 0x90, 0x31, 0x70, 0x22, 0xbe, - 0x5c, 0xf8, 0x14, 0xfa, 0x2e, 0x7c, 0x62, 0x18, 0x75, 0xd9, 0xb1, 0x65, 0xe1, 0x7d, 0xdc, 0xcc, - 0x25, 0xf2, 0xc5, 0x4f, 0x42, 0x6b, 0xb5, 0xf8, 0x7f, 0x2c, 0x44, 0xa1, 0xaf, 0x5a, 0x70, 0xc6, - 0x0d, 0x83, 0x80, 0xb8, 0x7a, 0x6a, 0x1c, 0xc9, 0x23, 0x96, 0xbd, 0x98, 0x66, 0xaa, 0x77, 0xd5, - 0x32, 0x08, 0x9c, 0x15, 0x8f, 0xde, 0x82, 0x49, 0xde, 0x66, 0xb7, 0x53, 0x5b, 0x0a, 0xfa, 0xbc, - 0x99, 0x89, 0xc4, 0x69, 0x5a, 0x34, 0xc7, 0xb7, 0x66, 0xc4, 0xc9, 0xae, 0x51, 0xbd, 0x45, 0x6b, - 0x9c, 0xe9, 0x32, 0x28, 0x50, 0x04, 0x28, 0x22, 0xf5, 0x88, 0xc4, 0xbb, 0x22, 0xd0, 0xc3, 0xa6, - 0xe5, 0xb1, 0x47, 0xcb, 0xfe, 0xc6, 0x5d, 0x9c, 0x70, 0x0f, 0xee, 0x68, 0x4f, 0xac, 0x0d, 0xca, - 0x79, 0x58, 0x05, 0xf1, 0x99, 0xfb, 0x2e, 0x11, 0x66, 0xa1, 0x14, 0xef, 0x3a, 0x51, 0x8d, 0xb9, - 0x03, 0x45, 0x9e, 0xe4, 0xb4, 0x45, 0x01, 0x98, 0xc3, 0xd1, 0x12, 0x9c, 0xcd, 0x9c, 0x96, 0x8b, - 0xd9, 0x84, 0x5f, 0xae, 0xce, 0x08, 0x76, 0x67, 0x33, 0xe7, 0xec, 
0x62, 0xdc, 0xf5, 0x84, 0xb9, - 0x6e, 0x1c, 0x3f, 0x66, 0xdd, 0xd8, 0x51, 0xe9, 0x04, 0x13, 0xcc, 0xe2, 0xbf, 0x93, 0x4b, 0x03, - 0x0c, 0x94, 0x3b, 0xf0, 0xa5, 0x4c, 0xee, 0xc0, 0x24, 0x53, 0xe0, 0x76, 0x3e, 0x0a, 0x0c, 0x9f, - 0x28, 0xf0, 0x24, 0x03, 0xff, 0x7f, 0x6e, 0x81, 0xfc, 0xae, 0x8b, 0x8e, 0xbb, 0x4b, 0x68, 0x97, - 0x41, 0x6f, 0xc3, 0x94, 0x5a, 0x79, 0x2d, 0x86, 0xed, 0x80, 0xc7, 0xfc, 0x8b, 0x7a, 0xfb, 0x1d, - 0xa7, 0xb0, 0x38, 0x43, 0x8d, 0xe6, 0xa1, 0x42, 0xdb, 0x89, 0x3f, 0xca, 0x67, 0x0f, 0xb5, 0xba, - 0x5b, 0xd8, 0x5c, 0x11, 0x4f, 0x69, 0x1a, 0x14, 0xc2, 0xb4, 0xef, 0xc4, 0x09, 0xd3, 0x80, 0x2e, - 0xc4, 0x1e, 0xf1, 0xec, 0x05, 0x3b, 0x2c, 0xbc, 0x9a, 0x65, 0x84, 0xbb, 0x79, 0xdb, 0xdf, 0x1b, - 0x81, 0xc9, 0x94, 0x65, 0x1c, 0x72, 0xda, 0x79, 0x15, 0xca, 0x72, 0x26, 0x10, 0xa6, 0x5c, 0x51, - 0xab, 0xe9, 0x42, 0x51, 0xd0, 0x69, 0x72, 0x87, 0x38, 0x11, 0x89, 0xd8, 0x39, 0xc4, 0xec, 0x34, - 0x59, 0xd5, 0x28, 0x6c, 0xd2, 0x31, 0xa3, 0x9c, 0xf8, 0xf1, 0xa2, 0xef, 0x91, 0x20, 0xe1, 0x6a, - 0xe6, 0x63, 0x94, 0xb7, 0x57, 0xb7, 0x4c, 0xa6, 0xda, 0x28, 0x67, 0x10, 0x38, 0x2b, 0x1e, 0xfd, - 0xb2, 0x05, 0x93, 0xce, 0xfd, 0x58, 0xd7, 0xd6, 0x10, 0x59, 0x02, 0x27, 0x9c, 0xa4, 0x52, 0xe5, - 0x3a, 0xaa, 0xd3, 0xd4, 0xbc, 0xa7, 0x40, 0x38, 0x2d, 0x14, 0x7d, 0xc3, 0x02, 0x44, 0x0e, 0x88, - 0x2b, 0xf3, 0x18, 0x84, 0x2e, 0xa3, 0x79, 0x2c, 0x50, 0xae, 0x76, 0xf1, 0xe5, 0x56, 0xbd, 0x1b, - 0x8e, 0x7b, 0xe8, 0x60, 0xff, 0x8b, 0xa2, 0x1a, 0x50, 0x3a, 0x75, 0xc6, 0x31, 0x32, 0x48, 0xad, - 0x47, 0xcf, 0x20, 0xd5, 0xb1, 0x9f, 0xae, 0x2c, 0xd2, 0x74, 0xba, 0x65, 0xe1, 0x09, 0xa5, 0x5b, - 0x7e, 0xce, 0x52, 0x21, 0x43, 0xee, 0xc6, 0xbf, 0x9b, 0x6f, 0xda, 0xce, 0x1c, 0x8f, 0x3c, 0x66, - 0xac, 0x7b, 0x3a, 0x1c, 0x49, 0xad, 0xa9, 0x41, 0x36, 0x94, 0x35, 0xfc, 0x4f, 0x45, 0x18, 0x37, - 0x66, 0xd2, 0x9e, 0x6e, 0x91, 0xf5, 0x94, 0xb9, 0x45, 0x85, 0x21, 0xdc, 0xa2, 0x5f, 0x84, 0x8a, - 0x2b, 0xad, 0x7c, 0x3e, 0x85, 0x5c, 0xb2, 0x73, 0x87, 0x36, 0xf4, 0x0a, 0x84, 0xb5, 0x4c, 0xb4, - 0x0c, 
0xd3, 0x06, 0x1b, 0x31, 0x43, 0x8c, 0xb0, 0x19, 0x42, 0x6d, 0xac, 0x2e, 0x64, 0x09, 0x70, - 0xf7, 0x33, 0xe8, 0x75, 0xba, 0xb2, 0xf2, 0xc4, 0x7b, 0xc9, 0xe4, 0x3a, 0xe6, 0xae, 0x2f, 0x6c, - 0xae, 0x48, 0x30, 0x36, 0x69, 0xec, 0xef, 0x59, 0xea, 0xe3, 0x3e, 0x86, 0x33, 0x29, 0x77, 0xd3, - 0x67, 0x52, 0xae, 0xe6, 0xd2, 0xcc, 0x7d, 0x0e, 0xa3, 0xac, 0xc3, 0xd8, 0x62, 0xd8, 0x6c, 0x3a, - 0x41, 0x0d, 0xfd, 0x08, 0x8c, 0xb9, 0xfc, 0xa7, 0xd8, 0xaa, 0x18, 0xa7, 0xce, 0x97, 0xc0, 0x62, - 0x89, 0x43, 0x2f, 0xc2, 0x88, 0x13, 0x35, 0xe4, 0xf6, 0x04, 0x8b, 0x95, 0x2e, 0x44, 0x8d, 0x18, - 0x33, 0xa8, 0xfd, 0xf5, 0x02, 0xc0, 0x62, 0xd8, 0x6c, 0x39, 0x11, 0xa9, 0x6d, 0x87, 0xef, 0xc7, - 0x44, 0xf8, 0xaa, 0xf5, 0x8b, 0x16, 0x20, 0xda, 0x2a, 0x61, 0x40, 0x82, 0x44, 0x25, 0x1b, 0x50, - 0x67, 0xc7, 0x95, 0x50, 0xe1, 0x39, 0xe8, 0x31, 0x20, 0x11, 0x58, 0xd3, 0x0c, 0xb0, 0x04, 0x7c, - 0x59, 0x1a, 0xa8, 0x62, 0x3a, 0x87, 0x87, 0x99, 0x35, 0x61, 0xaf, 0xec, 0xdf, 0x29, 0xc0, 0xb3, - 0x7c, 0xce, 0x59, 0x73, 0x02, 0xa7, 0x41, 0x9a, 0x54, 0xab, 0x41, 0xa3, 0x6b, 0x2e, 0x5d, 0x7b, - 0x78, 0x32, 0x65, 0xe7, 0xa4, 0x9d, 0x93, 0x77, 0x2a, 0xde, 0x8d, 0x56, 0x02, 0x2f, 0xc1, 0x8c, - 0x39, 0x8a, 0xa1, 0x2c, 0x4b, 0x73, 0x09, 0x63, 0x93, 0x93, 0x20, 0x35, 0xee, 0xc4, 0xc4, 0x40, - 0xb0, 0x12, 0x44, 0x3d, 0x33, 0x3f, 0x74, 0xf7, 0x30, 0x69, 0x85, 0xcc, 0xb0, 0x18, 0x19, 0x13, - 0xab, 0x02, 0x8e, 0x15, 0x85, 0xfd, 0x3b, 0x16, 0x64, 0x4d, 0x2e, 0x5b, 0xca, 0xf3, 0x53, 0xb9, - 0xd9, 0xa5, 0x7c, 0xfa, 0xd0, 0xed, 0x10, 0x87, 0x8b, 0x7f, 0x06, 0xc6, 0x9d, 0x84, 0xce, 0x92, - 0x7c, 0x5d, 0x59, 0x7c, 0xb4, 0xed, 0xde, 0xb5, 0xb0, 0xe6, 0xd5, 0x3d, 0xb6, 0x9e, 0x34, 0xd9, - 0xd9, 0x7f, 0x36, 0x02, 0xd3, 0x5d, 0x79, 0x96, 0xe8, 0x4d, 0x98, 0x70, 0x45, 0xf7, 0x68, 0x61, - 0x52, 0x17, 0x2f, 0x63, 0x84, 0xf1, 0x35, 0x0e, 0xa7, 0x28, 0x07, 0xe8, 0xa0, 0x2b, 0x70, 0x2e, - 0xa2, 0x2b, 0xd9, 0x36, 0x59, 0xa8, 0x27, 0x24, 0xda, 0x22, 0x6e, 0x18, 0xd4, 0xf8, 0xe9, 0xf1, - 0x62, 0xf5, 0xb9, 0xa3, 0xc3, 0xd9, 0x73, 
0xb8, 0x1b, 0x8d, 0x7b, 0x3d, 0x83, 0x5a, 0x30, 0xe9, - 0x9b, 0x4e, 0x8e, 0xf0, 0x70, 0x1f, 0xc9, 0x3f, 0x52, 0x93, 0x60, 0x0a, 0x8c, 0xd3, 0x02, 0xd2, - 0x9e, 0x52, 0xe9, 0x09, 0x79, 0x4a, 0xbf, 0xa4, 0x3d, 0x25, 0x1e, 0x1b, 0xfc, 0x78, 0xce, 0x79, - 0xb6, 0xa7, 0xed, 0x2a, 0xbd, 0x03, 0x65, 0x19, 0x56, 0x1f, 0xc0, 0xde, 0xbc, 0x9c, 0xe2, 0xd3, - 0xc7, 0xa2, 0x3d, 0x28, 0x40, 0x0f, 0x2f, 0x9b, 0x8e, 0x33, 0x3d, 0xa5, 0xa5, 0xc6, 0xd9, 0x70, - 0xd3, 0x1a, 0x3a, 0xe0, 0x29, 0x05, 0xdc, 0x33, 0xfd, 0x58, 0xde, 0xab, 0x04, 0x9d, 0x65, 0x30, - 0x2e, 0xf4, 0x53, 0x99, 0x06, 0xe8, 0x0a, 0x80, 0xf6, 0x44, 0x44, 0x36, 0x9d, 0x0a, 0x87, 0x69, - 0x87, 0x05, 0x1b, 0x54, 0x74, 0xd1, 0xe8, 0x05, 0x71, 0xe2, 0xf8, 0xfe, 0x75, 0x2f, 0x48, 0xc4, - 0xee, 0x97, 0x9a, 0xa5, 0x56, 0x34, 0x0a, 0x9b, 0x74, 0x17, 0x3f, 0x62, 0x7c, 0x97, 0x61, 0xbe, - 0xe7, 0x2e, 0x3c, 0xbf, 0xec, 0x25, 0x2a, 0x07, 0x54, 0xf5, 0x23, 0xea, 0x68, 0xa8, 0xa4, 0x65, - 0xab, 0x6f, 0xd2, 0xb2, 0x91, 0x83, 0x59, 0x48, 0xa7, 0x8c, 0x66, 0x73, 0x30, 0xed, 0x37, 0xe1, - 0xfc, 0xb2, 0x97, 0x5c, 0xf3, 0x7c, 0x32, 0xa4, 0x10, 0xfb, 0xb7, 0x47, 0x60, 0xc2, 0x4c, 0xaa, - 0x1f, 0x26, 0xef, 0xfa, 0xcb, 0xd4, 0x97, 0x10, 0x6f, 0xe7, 0xa9, 0x38, 0xc7, 0x9d, 0x13, 0x67, - 0xf8, 0xf7, 0x6e, 0x31, 0xc3, 0x9d, 0xd0, 0x32, 0xb1, 0xa9, 0x00, 0xba, 0x0f, 0xa5, 0x3a, 0xcb, - 0x11, 0x2c, 0xe6, 0x11, 0x71, 0xed, 0xd5, 0xa2, 0x7a, 0x98, 0xf1, 0x2c, 0x43, 0x2e, 0x8f, 0xce, - 0x90, 0x51, 0x3a, 0xb3, 0x5c, 0x19, 0x2a, 0x95, 0x53, 0xae, 0x28, 0xfa, 0x99, 0xfa, 0xd2, 0x23, - 0x98, 0xfa, 0x94, 0xe1, 0x1d, 0x7d, 0x32, 0x86, 0xd7, 0xfe, 0x62, 0x01, 0xa6, 0x96, 0x83, 0xf6, - 0xe6, 0xf2, 0x66, 0x7b, 0xc7, 0xf7, 0xdc, 0x9b, 0xa4, 0x43, 0x8d, 0xd3, 0x1e, 0xe9, 0xac, 0x2c, - 0x89, 0x3e, 0xa4, 0x5a, 0xed, 0x26, 0x05, 0x62, 0x8e, 0xa3, 0xc3, 0xb1, 0xee, 0x05, 0x0d, 0x12, - 0xb5, 0x22, 0x4f, 0xec, 0x6a, 0x19, 0xc3, 0xf1, 0x9a, 0x46, 0x61, 0x93, 0x8e, 0xf2, 0x0e, 0xef, - 0x07, 0x24, 0xca, 0xba, 0x72, 0x1b, 0x14, 0x88, 0x39, 0x8e, 0x12, 0x25, 0x51, 
0x3b, 0x4e, 0xc4, - 0xe7, 0x50, 0x44, 0xdb, 0x14, 0x88, 0x39, 0x8e, 0xf6, 0xf5, 0xb8, 0xbd, 0xc3, 0x42, 0xba, 0x99, - 0xe4, 0xba, 0x2d, 0x0e, 0xc6, 0x12, 0x4f, 0x49, 0xf7, 0x48, 0x67, 0x89, 0x2e, 0x6c, 0x32, 0xe9, - 0xaf, 0x37, 0x39, 0x18, 0x4b, 0x3c, 0x3b, 0xaf, 0x9f, 0x6e, 0x8e, 0xbf, 0x70, 0xe7, 0xf5, 0xd3, - 0xea, 0xf7, 0x59, 0x22, 0x7d, 0xcb, 0x82, 0x09, 0x33, 0x11, 0x03, 0x35, 0x32, 0x5e, 0xde, 0x46, - 0x57, 0xed, 0x95, 0x9f, 0xec, 0x55, 0x0e, 0xb8, 0xe1, 0x25, 0x61, 0x2b, 0x7e, 0x8d, 0x04, 0x0d, - 0x2f, 0x20, 0x2c, 0xf4, 0xc7, 0x13, 0x38, 0x52, 0x59, 0x1e, 0x8b, 0x61, 0x8d, 0x3c, 0x82, 0x9b, - 0x68, 0xdf, 0x81, 0xe9, 0xae, 0x9c, 0xe7, 0x01, 0x26, 0xd7, 0x63, 0x8f, 0x94, 0xd8, 0x18, 0xc6, - 0x29, 0xe3, 0x8d, 0x16, 0xcf, 0xb4, 0x58, 0x84, 0x69, 0xee, 0x00, 0x50, 0x49, 0x5b, 0xee, 0x2e, - 0x69, 0xaa, 0x3c, 0x76, 0xb6, 0x85, 0x7a, 0x3b, 0x8b, 0xc4, 0xdd, 0xf4, 0xf6, 0x97, 0x2c, 0x98, - 0x4c, 0xa5, 0xa1, 0xe7, 0xe4, 0x06, 0xb0, 0x91, 0x16, 0xb2, 0xbc, 0xa0, 0xc8, 0x0b, 0x78, 0x14, - 0xac, 0x6c, 0x8c, 0x34, 0x8d, 0xc2, 0x26, 0x9d, 0xfd, 0xb5, 0x02, 0x94, 0x65, 0xd8, 0x77, 0x00, - 0x55, 0xbe, 0x60, 0xc1, 0xa4, 0xda, 0xb6, 0x66, 0xfb, 0x21, 0xbc, 0x33, 0xae, 0x9f, 0x3c, 0xf0, - 0xac, 0x92, 0xc7, 0x82, 0x7a, 0xa8, 0x7d, 0x52, 0x6c, 0x0a, 0xc3, 0x69, 0xd9, 0xe8, 0x36, 0x40, - 0xdc, 0x89, 0x13, 0xd2, 0x34, 0x76, 0x66, 0x6c, 0x63, 0xc4, 0xcd, 0xb9, 0x61, 0x44, 0xe8, 0xf8, - 0x5a, 0x0f, 0x6b, 0x64, 0x4b, 0x51, 0x6a, 0x27, 0x42, 0xc3, 0xb0, 0xc1, 0xc9, 0xfe, 0x47, 0x05, - 0x38, 0x9b, 0x55, 0x09, 0x7d, 0x1c, 0x26, 0xa4, 0x74, 0xa3, 0x1e, 0xb2, 0x8c, 0x75, 0x4f, 0x60, - 0x03, 0xf7, 0xe0, 0x70, 0x76, 0xb6, 0xbb, 0xb4, 0xf4, 0x9c, 0x49, 0x82, 0x53, 0xcc, 0x78, 0xec, - 0x40, 0x04, 0xb9, 0xaa, 0x9d, 0x85, 0x56, 0x4b, 0x04, 0x00, 0x8c, 0xd8, 0x81, 0x89, 0xc5, 0x19, - 0x6a, 0xb4, 0x09, 0xe7, 0x0d, 0xc8, 0x3a, 0xf1, 0x1a, 0xbb, 0x3b, 0x61, 0x24, 0xd7, 0x16, 0x2f, - 0xea, 0x94, 0x8f, 0x6e, 0x1a, 0xdc, 0xf3, 0x49, 0x3a, 0xdf, 0xb9, 0x4e, 0xcb, 0x71, 0xbd, 0xa4, - 0x23, 0xb6, 0x9a, 
0x94, 0x6d, 0x5a, 0x14, 0x70, 0xac, 0x28, 0xec, 0x35, 0x18, 0x19, 0xb0, 0x07, - 0x0d, 0xe4, 0xd3, 0xbe, 0x03, 0x65, 0xca, 0x4e, 0x3a, 0x38, 0x79, 0xb0, 0x0c, 0xa1, 0x2c, 0x4b, - 0x1a, 0x22, 0x1b, 0x8a, 0x9e, 0x23, 0xc3, 0x33, 0xea, 0xb5, 0x56, 0xe2, 0xb8, 0xcd, 0x96, 0x89, - 0x14, 0x89, 0x5e, 0x86, 0x22, 0x39, 0x68, 0x65, 0xe3, 0x30, 0x57, 0x0f, 0x5a, 0x5e, 0x44, 0x62, - 0x4a, 0x44, 0x0e, 0x5a, 0xe8, 0x22, 0x14, 0xbc, 0x9a, 0x98, 0xa4, 0x40, 0xd0, 0x14, 0x56, 0x96, - 0x70, 0xc1, 0xab, 0xd9, 0x07, 0x50, 0x51, 0x35, 0x14, 0xd1, 0x9e, 0xb4, 0xdd, 0x56, 0x1e, 0x79, - 0x1a, 0x92, 0x6f, 0x1f, 0xab, 0xdd, 0x06, 0xd0, 0x49, 0xff, 0x79, 0xd9, 0x97, 0xcb, 0x30, 0xe2, - 0x86, 0xe2, 0xac, 0x50, 0x59, 0xb3, 0x61, 0x46, 0x9b, 0x61, 0xec, 0x3b, 0x30, 0x75, 0x33, 0x08, - 0xef, 0xb3, 0x4a, 0x62, 0xd7, 0x3c, 0xe2, 0xd7, 0x28, 0xe3, 0x3a, 0xfd, 0x91, 0x75, 0x11, 0x18, - 0x16, 0x73, 0x9c, 0x2a, 0x34, 0x58, 0xe8, 0x57, 0x68, 0xd0, 0xfe, 0x8c, 0x05, 0x67, 0x55, 0x36, - 0xba, 0xb4, 0xc6, 0x6f, 0xc2, 0xc4, 0x4e, 0xdb, 0xf3, 0x6b, 0xe2, 0x7f, 0x76, 0xa1, 0x5e, 0x35, - 0x70, 0x38, 0x45, 0x49, 0x97, 0x15, 0x3b, 0x5e, 0xe0, 0x44, 0x9d, 0x4d, 0x6d, 0xfe, 0x95, 0x45, - 0xa8, 0x2a, 0x0c, 0x36, 0xa8, 0xec, 0xcf, 0x15, 0x60, 0x32, 0x75, 0xf8, 0x16, 0xf9, 0x50, 0x26, - 0x3e, 0xdb, 0x3e, 0x92, 0x1f, 0xf5, 0xa4, 0x25, 0x34, 0x54, 0x47, 0xbc, 0x2a, 0xf8, 0x62, 0x25, - 0xe1, 0xa9, 0x88, 0x53, 0xd8, 0x7f, 0xbf, 0x00, 0x67, 0x32, 0xb5, 0x99, 0xd0, 0x57, 0xd2, 0xb5, - 0x33, 0xac, 0x3c, 0x56, 0xe5, 0x0f, 0xad, 0x10, 0x34, 0x5c, 0x05, 0x8d, 0x27, 0xd5, 0x54, 0xbf, - 0x57, 0x80, 0xa9, 0x74, 0x51, 0xa9, 0xa7, 0xb0, 0xa5, 0x3e, 0x04, 0x15, 0x56, 0xaa, 0x85, 0xd5, - 0x38, 0xe6, 0x8b, 0x7f, 0x76, 0x38, 0x73, 0x4d, 0x02, 0xb1, 0xc6, 0x3f, 0x15, 0x85, 0x49, 0xec, - 0x7f, 0x60, 0xc1, 0x05, 0xfe, 0x96, 0xd9, 0x7e, 0xf8, 0x37, 0x7a, 0xb5, 0xee, 0x27, 0xf2, 0x55, - 0x30, 0x73, 0xb4, 0xff, 0xb8, 0xf6, 0x65, 0xb5, 0x55, 0x85, 0xb6, 0xe9, 0xae, 0xf0, 0x14, 0x2a, - 0x3b, 0x54, 0x67, 0xb0, 0x7f, 0xaf, 0x08, 0xba, 0x9c, 
0x2c, 0xf2, 0x44, 0x96, 0x79, 0x2e, 0x25, - 0x0e, 0xb6, 0x3a, 0x81, 0xab, 0x0b, 0xd7, 0x96, 0x33, 0x49, 0xe6, 0xbf, 0x6a, 0xc1, 0xb8, 0x17, - 0x78, 0x89, 0xe7, 0x30, 0x77, 0x25, 0x9f, 0x7a, 0x9f, 0x4a, 0xdc, 0x0a, 0xe7, 0x1c, 0x46, 0xe6, - 0x8e, 0x91, 0x12, 0x86, 0x4d, 0xc9, 0xe8, 0xd3, 0x22, 0x0f, 0xa9, 0x98, 0xdb, 0x19, 0x85, 0x72, - 0x26, 0xf9, 0xa8, 0x05, 0xa5, 0x88, 0x24, 0x91, 0x3c, 0x1d, 0x72, 0xf3, 0xa4, 0xc9, 0xa5, 0x49, - 0xd4, 0xd9, 0x4a, 0x22, 0x27, 0x21, 0x0d, 0x63, 0xb9, 0xc7, 0xc0, 0x98, 0x0b, 0xb2, 0x63, 0x40, - 0xdd, 0x6d, 0x31, 0x64, 0x8e, 0xc7, 0x3c, 0x54, 0x9c, 0x76, 0x12, 0x36, 0x69, 0x33, 0x89, 0x4d, - 0x2d, 0x9d, 0xc5, 0x22, 0x11, 0x58, 0xd3, 0xd8, 0x5f, 0x29, 0x41, 0x26, 0xed, 0x1b, 0x1d, 0x98, - 0xa5, 0x90, 0xad, 0x7c, 0x4b, 0x21, 0x2b, 0x65, 0x7a, 0x95, 0x43, 0x46, 0x0d, 0x28, 0xb5, 0x76, - 0x9d, 0x58, 0x7a, 0x23, 0xef, 0xc8, 0x66, 0xda, 0xa4, 0xc0, 0x07, 0x87, 0xb3, 0x3f, 0x35, 0xd8, - 0xea, 0x96, 0xf6, 0xd5, 0x79, 0x7e, 0x06, 0x4e, 0x8b, 0x66, 0x3c, 0x30, 0xe7, 0x6f, 0xae, 0x6f, - 0x8b, 0xc7, 0x84, 0x41, 0x3e, 0x2b, 0xaa, 0x31, 0x61, 0x12, 0xb7, 0xfd, 0x44, 0xf4, 0x86, 0x77, - 0x72, 0x1c, 0x65, 0x9c, 0xb1, 0x3e, 0x34, 0xc4, 0xff, 0x63, 0x43, 0x28, 0xfa, 0x38, 0x54, 0xe2, - 0xc4, 0x89, 0x92, 0x47, 0x3c, 0x62, 0xa0, 0x1a, 0x7d, 0x4b, 0x32, 0xc1, 0x9a, 0x1f, 0x7a, 0x97, - 0x55, 0x7c, 0xf1, 0xe2, 0xdd, 0x47, 0x4c, 0x1f, 0x94, 0xd5, 0x61, 0x04, 0x07, 0x6c, 0x70, 0xa3, - 0xce, 0x1e, 0xeb, 0xdb, 0x3c, 0x66, 0x5e, 0x66, 0xde, 0xbc, 0x32, 0x85, 0x58, 0x61, 0xb0, 0x41, - 0x65, 0xff, 0x02, 0x9c, 0xcb, 0xde, 0x9d, 0x20, 0x36, 0xbc, 0x1a, 0x51, 0xd8, 0x6e, 0x65, 0xbd, - 0x59, 0x56, 0x5b, 0x1f, 0x73, 0x1c, 0xf5, 0x66, 0xf7, 0xbc, 0xa0, 0x96, 0xf5, 0x66, 0x6f, 0x7a, - 0x41, 0x0d, 0x33, 0xcc, 0x00, 0x35, 0xa2, 0xff, 0xa5, 0x05, 0x97, 0x8f, 0xbb, 0xe2, 0x01, 0xbd, - 0x08, 0x23, 0xf7, 0x9d, 0x48, 0x56, 0x90, 0x62, 0xb6, 0xe3, 0x8e, 0x13, 0x05, 0x98, 0x41, 0x51, - 0x07, 0x46, 0xf9, 0xb1, 0x2a, 0xb1, 0x3e, 0x7f, 0x27, 0xdf, 0x0b, 0x27, 0x6e, 0x12, 0x23, 
0x3a, - 0xc2, 0x8f, 0x74, 0x61, 0x21, 0xd0, 0xfe, 0xbe, 0x05, 0x68, 0x63, 0x9f, 0x44, 0x91, 0x57, 0x33, - 0x0e, 0x82, 0xa1, 0x37, 0x60, 0xe2, 0xee, 0xd6, 0xc6, 0xfa, 0x66, 0xe8, 0x05, 0xec, 0xac, 0xbb, - 0x71, 0x24, 0xe0, 0x86, 0x01, 0xc7, 0x29, 0x2a, 0xb4, 0x08, 0xd3, 0x77, 0xef, 0x51, 0x0f, 0xfc, - 0xea, 0x41, 0x2b, 0x22, 0x71, 0xac, 0xae, 0x69, 0x11, 0x7b, 0x2e, 0x37, 0xde, 0xc9, 0x20, 0x71, - 0x37, 0x3d, 0xda, 0x80, 0x0b, 0x4d, 0x16, 0xec, 0xad, 0xb1, 0x85, 0x47, 0xcc, 0x23, 0xbf, 0x91, - 0x3c, 0x4c, 0xfc, 0xfc, 0xd1, 0xe1, 0xec, 0x85, 0xb5, 0x5e, 0x04, 0xb8, 0xf7, 0x73, 0xf6, 0xb7, - 0x0b, 0x30, 0x6e, 0x5c, 0x93, 0x32, 0xc0, 0x12, 0x2b, 0x73, 0xb3, 0x4b, 0x61, 0xc0, 0x9b, 0x5d, - 0x5e, 0x81, 0x72, 0x2b, 0xf4, 0x3d, 0xd7, 0x53, 0x27, 0x9f, 0x59, 0x05, 0x9e, 0x4d, 0x01, 0xc3, - 0x0a, 0x8b, 0xee, 0x43, 0x45, 0x5d, 0x1d, 0x20, 0xce, 0x42, 0xe5, 0xb5, 0xc8, 0x54, 0x83, 0x57, - 0x5f, 0x09, 0xa0, 0x65, 0x21, 0x1b, 0x46, 0x59, 0xcf, 0x97, 0xd9, 0x24, 0x2c, 0xe1, 0x9d, 0x0d, - 0x89, 0x18, 0x0b, 0x8c, 0xfd, 0x2b, 0x63, 0x70, 0xbe, 0x57, 0xd5, 0x18, 0xf4, 0x73, 0x30, 0xca, - 0x75, 0xcc, 0xa7, 0x30, 0x59, 0x2f, 0x19, 0xcb, 0x8c, 0xa1, 0x50, 0x8b, 0xfd, 0xc6, 0x42, 0xa6, - 0x90, 0xee, 0x3b, 0x3b, 0xc2, 0x8d, 0x38, 0x1d, 0xe9, 0xab, 0x8e, 0x96, 0xbe, 0xea, 0x70, 0xe9, - 0xbe, 0xb3, 0x83, 0x0e, 0xa0, 0xd4, 0xf0, 0x12, 0xe2, 0x08, 0x67, 0xfa, 0xce, 0xa9, 0x08, 0x27, - 0x0e, 0x4f, 0x5a, 0x66, 0x3f, 0x31, 0x17, 0x88, 0xbe, 0x69, 0xc1, 0x99, 0x9d, 0xf4, 0xf9, 0x01, - 0x31, 0xab, 0x38, 0xa7, 0x50, 0x19, 0x28, 0x2d, 0xa8, 0x7a, 0xee, 0xe8, 0x70, 0xf6, 0x4c, 0x06, - 0x88, 0xb3, 0xea, 0xa0, 0x5f, 0xb2, 0x60, 0xac, 0xee, 0xf9, 0x46, 0x55, 0x8c, 0x53, 0xf8, 0x38, - 0xd7, 0x98, 0x00, 0x3d, 0xf3, 0xf2, 0xff, 0x31, 0x96, 0x92, 0xfb, 0x45, 0x71, 0x46, 0x4f, 0x1a, - 0xc5, 0x19, 0x7b, 0x42, 0xcb, 0xa7, 0xbf, 0x55, 0x80, 0x97, 0x07, 0xf8, 0x46, 0x66, 0x3e, 0xba, - 0x75, 0x4c, 0x3e, 0xfa, 0x65, 0x18, 0x89, 0x48, 0x2b, 0xcc, 0xce, 0x77, 0x2c, 0x61, 0x84, 0x61, - 0xd0, 0x4b, 0x50, 0x74, 0x5a, 
0x9e, 0x98, 0xee, 0x54, 0x90, 0x77, 0x61, 0x73, 0x05, 0x53, 0x38, - 0xfd, 0xd2, 0x95, 0x1d, 0x79, 0xaa, 0x25, 0x9f, 0x52, 0x93, 0xfd, 0x0e, 0xc9, 0xf0, 0x05, 0x8d, - 0xc2, 0x62, 0x2d, 0xd7, 0xde, 0x80, 0x8b, 0xfd, 0x7b, 0x08, 0x7a, 0x1d, 0xc6, 0x77, 0x22, 0x27, - 0x70, 0x77, 0xd7, 0x9c, 0xc4, 0x95, 0xa1, 0x56, 0x96, 0x36, 0x57, 0xd5, 0x60, 0x6c, 0xd2, 0xd8, - 0xbf, 0x5b, 0xe8, 0xcd, 0x91, 0x1b, 0x81, 0x61, 0x5a, 0x58, 0xb4, 0x5f, 0xa1, 0x4f, 0xfb, 0xdd, - 0x83, 0x72, 0xc2, 0x92, 0xa0, 0x49, 0x5d, 0x58, 0x92, 0xdc, 0xce, 0xf1, 0xb0, 0xb9, 0x66, 0x5b, - 0x30, 0xc7, 0x4a, 0x0c, 0x35, 0xf9, 0xbe, 0x2e, 0xa8, 0x21, 0x4c, 0x7e, 0xe6, 0xb0, 0xc0, 0x12, - 0x9c, 0x35, 0x0a, 0x80, 0xf1, 0x1c, 0x50, 0x1e, 0x80, 0x53, 0x07, 0x23, 0x36, 0x33, 0x78, 0xdc, - 0xf5, 0x84, 0xfd, 0xad, 0x02, 0x3c, 0xdf, 0xd7, 0xb2, 0xe9, 0x28, 0xa1, 0xf5, 0x90, 0x28, 0xe1, - 0x89, 0x3b, 0xa8, 0xd9, 0xc0, 0x23, 0x8f, 0xa7, 0x81, 0x5f, 0x85, 0xb2, 0x17, 0xc4, 0xc4, 0x6d, - 0x47, 0xbc, 0xd1, 0x8c, 0x6c, 0xac, 0x15, 0x01, 0xc7, 0x8a, 0xc2, 0xfe, 0xfd, 0xfe, 0x5d, 0x8d, - 0xce, 0x72, 0x3f, 0xb4, 0xad, 0xf4, 0x16, 0x4c, 0x3a, 0xad, 0x16, 0xa7, 0x63, 0x11, 0x99, 0xcc, - 0x51, 0xa7, 0x05, 0x13, 0x89, 0xd3, 0xb4, 0x46, 0x1f, 0x1e, 0xed, 0xd7, 0x87, 0xed, 0x3f, 0x29, - 0x41, 0x85, 0xb6, 0xc0, 0x62, 0x44, 0x6a, 0x31, 0x6d, 0x80, 0x76, 0xe4, 0x8b, 0x56, 0x54, 0x0d, - 0x70, 0x0b, 0xaf, 0x62, 0x0a, 0x4f, 0xad, 0x92, 0x0b, 0x43, 0x9d, 0x84, 0x28, 0x1e, 0x7b, 0x12, - 0xe2, 0x2d, 0x98, 0x8c, 0xe3, 0xdd, 0xcd, 0xc8, 0xdb, 0x77, 0x12, 0xea, 0x7b, 0x8b, 0x88, 0xb7, - 0xce, 0x5e, 0xde, 0xba, 0xae, 0x91, 0x38, 0x4d, 0x8b, 0x96, 0x61, 0x5a, 0x9f, 0x47, 0x20, 0x51, - 0xc2, 0x02, 0xdc, 0xbc, 0xa9, 0x54, 0xf2, 0xb0, 0x3e, 0xc1, 0x20, 0x08, 0x70, 0xf7, 0x33, 0x74, - 0x48, 0xa7, 0x80, 0x54, 0x91, 0xd1, 0xf4, 0x90, 0x4e, 0xf1, 0xa1, 0xba, 0x74, 0x3d, 0x81, 0xd6, - 0xe0, 0x1c, 0xef, 0x17, 0xec, 0xa6, 0x2c, 0xf5, 0x46, 0x63, 0x8c, 0xd1, 0x0b, 0x82, 0xd1, 0xb9, - 0xe5, 0x6e, 0x12, 0xdc, 0xeb, 0x39, 0xea, 0x58, 0x2b, 0xf0, 0xca, 
0x92, 0x58, 0xe0, 0x29, 0xc7, - 0x5a, 0xb1, 0x59, 0xa9, 0x61, 0x93, 0x0e, 0x7d, 0x0c, 0x9e, 0xd3, 0x7f, 0x79, 0x1e, 0x10, 0xdf, - 0xf5, 0x58, 0x12, 0x47, 0xbd, 0x54, 0xf1, 0xa9, 0xe5, 0x9e, 0x64, 0x35, 0xdc, 0xef, 0x79, 0xb4, - 0x03, 0x17, 0x15, 0xea, 0x2a, 0x5d, 0xc5, 0xb4, 0x22, 0x2f, 0x26, 0x55, 0x27, 0x26, 0xb7, 0x22, - 0x9f, 0x1d, 0x0e, 0xab, 0xe8, 0x32, 0xb9, 0xcb, 0x5e, 0x72, 0xbd, 0x17, 0x25, 0x5e, 0xc5, 0x0f, - 0xe1, 0x82, 0xe6, 0xa1, 0x42, 0x02, 0x67, 0xc7, 0x27, 0x1b, 0x8b, 0x2b, 0xec, 0xc8, 0x98, 0xb1, - 0xc9, 0x72, 0x55, 0x22, 0xb0, 0xa6, 0x51, 0x41, 0x96, 0x89, 0xbe, 0x41, 0x96, 0x3f, 0xb4, 0x60, - 0x52, 0x75, 0xf6, 0xc7, 0x90, 0xcd, 0xe0, 0xa7, 0xb3, 0x19, 0x96, 0x4f, 0xba, 0xbb, 0x25, 0x34, - 0xef, 0x13, 0x12, 0xfb, 0xe3, 0x0a, 0x00, 0xbb, 0xf4, 0xd3, 0x63, 0xd5, 0x1b, 0xa4, 0xb9, 0xb3, - 0xfa, 0x9a, 0xbb, 0xa7, 0x76, 0x38, 0xf7, 0x3a, 0x5c, 0x51, 0x7a, 0xb2, 0x87, 0x2b, 0xb6, 0xe0, - 0x82, 0x9c, 0x8c, 0xf8, 0x82, 0xff, 0x7a, 0x18, 0x2b, 0xeb, 0x50, 0xae, 0xbe, 0x24, 0x18, 0x5d, - 0x58, 0xe9, 0x45, 0x84, 0x7b, 0x3f, 0x9b, 0x9a, 0x03, 0xc7, 0x8e, 0x9b, 0x03, 0xf5, 0x80, 0x58, - 0xad, 0xcb, 0x3a, 0x50, 0x99, 0x01, 0xb1, 0x7a, 0x6d, 0x0b, 0x6b, 0x9a, 0xde, 0x56, 0xb1, 0x92, - 0x93, 0x55, 0x84, 0xa1, 0xad, 0xa2, 0x1c, 0x9f, 0xe3, 0x7d, 0x6f, 0x5b, 0x93, 0x7b, 0x0c, 0x13, - 0x7d, 0xf7, 0x18, 0xde, 0x86, 0x29, 0x2f, 0xd8, 0x25, 0x91, 0x97, 0x90, 0x1a, 0x1b, 0x0b, 0xe2, - 0x2a, 0x45, 0x95, 0x43, 0xb0, 0x92, 0xc2, 0xe2, 0x0c, 0x75, 0xda, 0xa8, 0x4c, 0x0d, 0x60, 0x54, - 0xfa, 0x98, 0xf2, 0x33, 0xf9, 0x98, 0xf2, 0xb3, 0x27, 0x37, 0xe5, 0xd3, 0xa7, 0x6a, 0xca, 0x51, - 0x2e, 0xa6, 0xfc, 0x65, 0x28, 0xb5, 0xa2, 0xf0, 0xa0, 0x33, 0x73, 0x2e, 0xed, 0x9e, 0x6d, 0x52, - 0x20, 0xe6, 0x38, 0x73, 0xb9, 0x70, 0xfe, 0xe1, 0xcb, 0x05, 0xfb, 0xf3, 0x05, 0xb8, 0xa0, 0x2d, - 0x1d, 0xed, 0x5f, 0x5e, 0x9d, 0x8e, 0x75, 0x56, 0xac, 0x8f, 0x07, 0xa2, 0x8d, 0xf4, 0x15, 0x9d, - 0x09, 0xa3, 0x30, 0xd8, 0xa0, 0x62, 0x59, 0x20, 0x24, 0x62, 0xd5, 0x19, 0xb2, 0x66, 0x70, 0x51, - 0xc0, 
0xb1, 0xa2, 0x60, 0x37, 0x86, 0x93, 0x28, 0x11, 0x99, 0x75, 0xd9, 0x13, 0x9b, 0x8b, 0x1a, - 0x85, 0x4d, 0x3a, 0xf4, 0x0a, 0x17, 0xc2, 0x86, 0x20, 0x35, 0x85, 0x13, 0xa2, 0xce, 0xb4, 0x1c, - 0x75, 0x0a, 0x2b, 0xd5, 0x61, 0xe9, 0x3e, 0xa5, 0x6e, 0x75, 0x58, 0xf0, 0x44, 0x51, 0xd8, 0xff, - 0xc7, 0x82, 0xe7, 0x7b, 0x36, 0xc5, 0x63, 0x98, 0xde, 0x0e, 0xd2, 0xd3, 0xdb, 0xd6, 0xc9, 0xa7, - 0xb7, 0xae, 0xb7, 0xe8, 0x33, 0xd5, 0xfd, 0x47, 0x0b, 0xa6, 0x34, 0xfd, 0x63, 0x78, 0x55, 0x2f, - 0xd7, 0xbb, 0xbf, 0xb5, 0xea, 0x7c, 0xe7, 0x2a, 0xf5, 0x6e, 0x7f, 0xc8, 0xde, 0x8d, 0xef, 0x41, - 0x2f, 0xb8, 0xf2, 0x9e, 0xca, 0x63, 0xf6, 0x5e, 0x3b, 0x30, 0xca, 0xaa, 0xba, 0xc6, 0xf9, 0xec, - 0x85, 0xa7, 0xe5, 0xb3, 0x3c, 0x3e, 0xbd, 0x17, 0xce, 0xfe, 0xc6, 0x58, 0x08, 0x64, 0xb5, 0x43, - 0xbc, 0x98, 0xda, 0xcb, 0x9a, 0x48, 0x9c, 0xd1, 0xb5, 0x43, 0x04, 0x1c, 0x2b, 0x0a, 0xbb, 0x09, - 0x33, 0x69, 0xe6, 0x4b, 0xa4, 0xce, 0x42, 0x8e, 0x03, 0xbd, 0xe6, 0x3c, 0x54, 0x1c, 0xf6, 0xd4, - 0x6a, 0xdb, 0xc9, 0x5e, 0x4d, 0xb0, 0x20, 0x11, 0x58, 0xd3, 0xd8, 0xbf, 0x65, 0xc1, 0xb9, 0x1e, - 0x2f, 0x93, 0x63, 0xc2, 0x50, 0xa2, 0xad, 0x40, 0x9f, 0x0b, 0x44, 0x6b, 0xa4, 0xee, 0xc8, 0xa0, - 0x96, 0x61, 0xd5, 0x96, 0x38, 0x18, 0x4b, 0xbc, 0xfd, 0x3f, 0x2d, 0x38, 0x93, 0xd6, 0x35, 0x46, - 0x37, 0x00, 0xf1, 0x97, 0x59, 0xf2, 0x62, 0x37, 0xdc, 0x27, 0x51, 0x87, 0xbe, 0x39, 0xd7, 0xfa, - 0xa2, 0xe0, 0x84, 0x16, 0xba, 0x28, 0x70, 0x8f, 0xa7, 0x58, 0x6d, 0x83, 0x9a, 0x6a, 0x6d, 0xd9, - 0x53, 0x6e, 0xe7, 0xd9, 0x53, 0xf4, 0xc7, 0x34, 0x37, 0xfe, 0x95, 0x48, 0x6c, 0xca, 0xb7, 0xbf, - 0x3f, 0x02, 0x2a, 0xa3, 0x90, 0x85, 0x4f, 0x72, 0x0a, 0x3e, 0xa5, 0xee, 0xaf, 0x28, 0x0e, 0x71, - 0xa3, 0xe9, 0xc8, 0xc3, 0x42, 0x1b, 0xbc, 0x94, 0xba, 0xb9, 0xc9, 0xa3, 0xde, 0x70, 0x5b, 0xa3, - 0xb0, 0x49, 0x47, 0x35, 0xf1, 0xbd, 0x7d, 0xc2, 0x1f, 0x1a, 0x4d, 0x6b, 0xb2, 0x2a, 0x11, 0x58, - 0xd3, 0x50, 0x4d, 0x6a, 0x5e, 0xbd, 0x2e, 0x56, 0x8a, 0x4a, 0x13, 0xda, 0x3a, 0x98, 0x61, 0x28, - 0xc5, 0x6e, 0x18, 0xee, 0x09, 0xff, 0x4f, 
0x51, 0x5c, 0x0f, 0xc3, 0x3d, 0xcc, 0x30, 0xd4, 0x63, - 0x09, 0xc2, 0xa8, 0xc9, 0xae, 0x8e, 0xa8, 0x29, 0x29, 0xc2, 0xef, 0x53, 0x1e, 0xcb, 0x7a, 0x37, - 0x09, 0xee, 0xf5, 0x1c, 0xed, 0x81, 0xad, 0x88, 0xd4, 0x3c, 0x37, 0x31, 0xb9, 0x41, 0xba, 0x07, - 0x6e, 0x76, 0x51, 0xe0, 0x1e, 0x4f, 0xa1, 0x05, 0x38, 0x23, 0x33, 0x42, 0xe5, 0x89, 0x17, 0xee, - 0x0c, 0x2a, 0x3f, 0x1c, 0xa7, 0xd1, 0x38, 0x4b, 0x4f, 0xad, 0x4d, 0x53, 0x1c, 0x76, 0x63, 0x6e, - 0xa2, 0x61, 0x6d, 0xe4, 0x21, 0x38, 0xac, 0x28, 0xec, 0xcf, 0x16, 0xe9, 0xec, 0xd8, 0xa7, 0x60, - 0xe3, 0x63, 0x0b, 0x76, 0xa6, 0x7b, 0xe4, 0xc8, 0x00, 0x3d, 0xf2, 0x0d, 0x98, 0xb8, 0x1b, 0x87, - 0x81, 0x0a, 0x24, 0x96, 0xfa, 0x06, 0x12, 0x0d, 0xaa, 0xde, 0x81, 0xc4, 0xd1, 0xbc, 0x02, 0x89, - 0x63, 0x8f, 0x18, 0x48, 0xfc, 0xb7, 0x25, 0x50, 0xe5, 0xd6, 0xd6, 0x49, 0x72, 0x3f, 0x8c, 0xf6, - 0xbc, 0xa0, 0xc1, 0x32, 0x69, 0xbf, 0x69, 0xc1, 0x04, 0x1f, 0x2f, 0xa2, 0x56, 0x2e, 0xcf, 0x12, - 0xaa, 0xe7, 0x54, 0x62, 0x2c, 0x25, 0x6c, 0x6e, 0xdb, 0x10, 0x94, 0x29, 0x5c, 0x6c, 0xa2, 0x70, - 0x4a, 0x23, 0xf4, 0xf3, 0x00, 0xf2, 0x12, 0x85, 0x7a, 0x4e, 0xd7, 0x0b, 0xab, 0x2b, 0x2d, 0x48, - 0x5d, 0xfb, 0xa6, 0xdb, 0x4a, 0x08, 0x36, 0x04, 0xa2, 0xcf, 0x67, 0xaf, 0xd6, 0xf9, 0xf4, 0xa9, - 0xb4, 0xcd, 0x20, 0xa5, 0x71, 0x30, 0x8c, 0x79, 0x41, 0x83, 0xf6, 0x13, 0x11, 0x7b, 0xfd, 0x60, - 0xaf, 0x2c, 0xf4, 0xd5, 0xd0, 0xa9, 0x55, 0x1d, 0xdf, 0x09, 0x5c, 0x12, 0xad, 0x70, 0x72, 0xb3, - 0x92, 0x3e, 0x03, 0x60, 0xc9, 0xa8, 0xab, 0x86, 0x5e, 0x69, 0x90, 0x1a, 0x7a, 0x17, 0x3f, 0x0a, - 0xd3, 0x5d, 0x1f, 0x73, 0xa8, 0xd2, 0x38, 0x8f, 0x5e, 0x55, 0xc7, 0xfe, 0x57, 0xa3, 0x7a, 0xd2, - 0x5a, 0x0f, 0x6b, 0xbc, 0x92, 0x5b, 0xa4, 0xbf, 0xa8, 0xf0, 0x3d, 0x73, 0xec, 0x22, 0x46, 0x35, - 0x7e, 0x05, 0xc4, 0xa6, 0x48, 0xda, 0x47, 0x5b, 0x4e, 0x44, 0x82, 0xd3, 0xee, 0xa3, 0x9b, 0x4a, - 0x08, 0x36, 0x04, 0xa2, 0xdd, 0x54, 0x96, 0xd8, 0xb5, 0x93, 0x67, 0x89, 0xb1, 0x13, 0x6a, 0xbd, - 0x4a, 0x55, 0x7d, 0xd5, 0x82, 0xa9, 0x20, 0xd5, 0x73, 0xc5, 0x3e, 0xfc, 0xf6, 
0x69, 0x8c, 0x0a, - 0x5e, 0xad, 0x33, 0x0d, 0xc3, 0x19, 0xf9, 0xbd, 0xa6, 0xb4, 0xd2, 0x90, 0x53, 0x9a, 0x2e, 0x09, - 0x39, 0xda, 0xaf, 0x24, 0x24, 0x0a, 0x54, 0xe1, 0xd9, 0xb1, 0xdc, 0x0b, 0xcf, 0x42, 0x8f, 0xa2, - 0xb3, 0x77, 0xa0, 0xe2, 0x46, 0xc4, 0x49, 0x1e, 0xb1, 0x06, 0x29, 0x0b, 0x42, 0x2e, 0x4a, 0x06, - 0x58, 0xf3, 0xb2, 0xff, 0x43, 0x11, 0xce, 0xca, 0x16, 0x91, 0x19, 0x34, 0x74, 0x7e, 0xe4, 0x72, - 0xb5, 0x73, 0xab, 0xe6, 0xc7, 0xeb, 0x12, 0x81, 0x35, 0x0d, 0xf5, 0xc7, 0xda, 0x31, 0xd9, 0x68, - 0x91, 0x60, 0xd5, 0xdb, 0x89, 0x45, 0xfc, 0x48, 0x0d, 0x94, 0x5b, 0x1a, 0x85, 0x4d, 0x3a, 0xea, - 0x8c, 0x73, 0xbf, 0x38, 0xce, 0x26, 0xa4, 0x09, 0x7f, 0x1b, 0x4b, 0x3c, 0xfa, 0xb5, 0x9e, 0x15, - 0xa4, 0xf3, 0x49, 0xc5, 0xec, 0x4a, 0x1c, 0x1a, 0xb2, 0x74, 0xf4, 0x57, 0x2c, 0x38, 0xb3, 0x97, - 0x3a, 0x85, 0x20, 0x4d, 0xf2, 0x09, 0xcf, 0xcb, 0xa5, 0x8f, 0x36, 0xe8, 0x2e, 0x9c, 0x86, 0xc7, - 0x38, 0x2b, 0xdd, 0xfe, 0xdf, 0x16, 0x98, 0xe6, 0x69, 0x30, 0xcf, 0xca, 0xb8, 0x13, 0xa0, 0x70, - 0xcc, 0x9d, 0x00, 0xd2, 0x09, 0x2b, 0x0e, 0xe6, 0xf4, 0x8f, 0x0c, 0xe1, 0xf4, 0x97, 0xfa, 0x7a, - 0x6d, 0x2f, 0x41, 0xb1, 0xed, 0xd5, 0x84, 0xdf, 0xae, 0x83, 0x61, 0x2b, 0x4b, 0x98, 0xc2, 0xed, - 0x7f, 0x5e, 0xd2, 0xeb, 0x74, 0x91, 0x41, 0xf8, 0x43, 0xf1, 0xda, 0x75, 0x75, 0xfc, 0x91, 0xbf, - 0xf9, 0x7a, 0xd7, 0xf1, 0xc7, 0x9f, 0x18, 0x3e, 0x41, 0x94, 0x37, 0x50, 0xbf, 0xd3, 0x8f, 0x63, - 0xc7, 0x64, 0x87, 0xde, 0x85, 0x32, 0x5d, 0xda, 0xb0, 0x0d, 0xb7, 0x72, 0x4a, 0xa9, 0xf2, 0x75, - 0x01, 0x7f, 0x70, 0x38, 0xfb, 0xe3, 0xc3, 0xab, 0x25, 0x9f, 0xc6, 0x8a, 0x3f, 0x8a, 0xa1, 0x42, - 0x7f, 0xb3, 0x44, 0x56, 0xb1, 0x68, 0xba, 0xa5, 0x6c, 0x91, 0x44, 0xe4, 0x92, 0x25, 0xab, 0xe5, - 0xa0, 0x00, 0x2a, 0xac, 0x7a, 0x3d, 0x13, 0xca, 0xd7, 0x56, 0x9b, 0x2a, 0x9d, 0x54, 0x22, 0x1e, - 0x1c, 0xce, 0xbe, 0x35, 0xbc, 0x50, 0xf5, 0x38, 0xd6, 0x22, 0xec, 0xaf, 0x8d, 0xe8, 0xbe, 0x2b, - 0x4e, 0xbd, 0xfe, 0x50, 0xf4, 0xdd, 0x37, 0x33, 0x7d, 0xf7, 0x72, 0x57, 0xdf, 0x9d, 0xd2, 0x15, - 0xde, 0x53, 0xbd, 
0xf1, 0x71, 0x4f, 0xb0, 0xc7, 0xaf, 0xe3, 0x99, 0x67, 0x71, 0xaf, 0xed, 0x45, - 0x24, 0xde, 0x8c, 0xda, 0x81, 0x17, 0x34, 0xc4, 0x3d, 0x3f, 0x86, 0x67, 0x91, 0x42, 0xe3, 0x2c, - 0x3d, 0xbb, 0x23, 0xa8, 0x13, 0xb8, 0x77, 0x9c, 0x7d, 0xde, 0xab, 0x8c, 0x83, 0x80, 0x5b, 0x02, - 0x8e, 0x15, 0x85, 0xfd, 0x6d, 0x16, 0x1d, 0x35, 0x32, 0xe8, 0x69, 0x9f, 0xf0, 0xd9, 0x75, 0x01, - 0xfc, 0x14, 0xa1, 0xea, 0x13, 0xfc, 0x8e, 0x00, 0x8e, 0x43, 0xf7, 0x61, 0x6c, 0x87, 0x97, 0x11, - 0xce, 0xa7, 0x66, 0x90, 0xa8, 0x49, 0xcc, 0x4a, 0xeb, 0xc9, 0x02, 0xc5, 0x0f, 0xf4, 0x4f, 0x2c, - 0xa5, 0xd9, 0x7f, 0xb7, 0x08, 0x67, 0x32, 0xc5, 0xec, 0x53, 0x15, 0x0c, 0x0a, 0xc7, 0x56, 0x30, - 0xf8, 0x24, 0x40, 0x8d, 0xb4, 0xfc, 0xb0, 0xc3, 0xdc, 0x9c, 0x91, 0xa1, 0xdd, 0x1c, 0xe5, 0x19, - 0x2f, 0x29, 0x2e, 0xd8, 0xe0, 0x28, 0x8e, 0x4e, 0xf2, 0x82, 0x08, 0x99, 0xa3, 0x93, 0x46, 0xe9, - 0xac, 0xd1, 0xc7, 0x5b, 0x3a, 0xcb, 0x83, 0x33, 0x5c, 0x45, 0x95, 0xa7, 0xfe, 0x08, 0xe9, 0xe8, - 0x2c, 0xc3, 0x71, 0x29, 0xcd, 0x06, 0x67, 0xf9, 0xda, 0x5f, 0x2e, 0x50, 0x67, 0x8f, 0x37, 0xf6, - 0x9a, 0xdc, 0x4a, 0xff, 0x00, 0x8c, 0x3a, 0xed, 0x64, 0x37, 0xec, 0xaa, 0x87, 0xbc, 0xc0, 0xa0, - 0x58, 0x60, 0xd1, 0x2a, 0x8c, 0xd4, 0xf4, 0xf1, 0xb6, 0x61, 0x94, 0xd3, 0xfb, 0x66, 0x4e, 0x42, - 0x30, 0xe3, 0x82, 0x5e, 0x84, 0x91, 0xc4, 0x69, 0xa4, 0xae, 0x80, 0xda, 0x76, 0x1a, 0x31, 0x66, - 0x50, 0x73, 0x2e, 0x1a, 0x39, 0x66, 0x2e, 0x7a, 0x0b, 0x26, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, - 0x22, 0x46, 0x8c, 0x46, 0x07, 0xb6, 0x4d, 0x24, 0x4e, 0xd3, 0xda, 0xdf, 0xaf, 0xc0, 0xf9, 0x5e, - 0x77, 0x71, 0xe6, 0x9d, 0x24, 0xdc, 0x4b, 0xc6, 0xe3, 0x4b, 0x12, 0xee, 0x23, 0xdd, 0x37, 0x92, - 0x84, 0x7d, 0x23, 0x49, 0xf8, 0xf3, 0x16, 0x54, 0x54, 0x6e, 0xac, 0xc8, 0xef, 0xfb, 0xf8, 0x29, - 0xdc, 0x77, 0x2a, 0x45, 0x88, 0x14, 0x49, 0xf9, 0x17, 0x6b, 0xe1, 0xa7, 0x97, 0x35, 0xfc, 0x50, - 0x85, 0x86, 0xca, 0x1a, 0x56, 0x29, 0xd5, 0xa5, 0x3c, 0x52, 0xaa, 0xfb, 0x7c, 0xaa, 0x9e, 0x29, - 0xd5, 0x5f, 0xb5, 0x60, 0xdc, 0x79, 0xaf, 0x1d, 0x91, 
0x25, 0xb2, 0xbf, 0xd1, 0x8a, 0x85, 0xdd, - 0xfa, 0x44, 0xfe, 0x0a, 0x2c, 0x68, 0x21, 0xa2, 0x70, 0xa3, 0x06, 0x60, 0x53, 0x85, 0x54, 0x0a, - 0xf5, 0x58, 0x1e, 0x29, 0xd4, 0xbd, 0xd4, 0x39, 0x36, 0x85, 0xfa, 0x2d, 0x98, 0x74, 0xfd, 0x30, - 0x20, 0x9b, 0x51, 0x98, 0x84, 0x6e, 0xe8, 0x0b, 0x1f, 0x55, 0x99, 0x84, 0x45, 0x13, 0x89, 0xd3, - 0xb4, 0xfd, 0xf2, 0xaf, 0x2b, 0x27, 0xcd, 0xbf, 0x86, 0x27, 0x94, 0x7f, 0xfd, 0xa7, 0x05, 0x98, - 0x3d, 0xe6, 0xa3, 0xa2, 0x37, 0x61, 0x22, 0x8c, 0x1a, 0x4e, 0xe0, 0xbd, 0xc7, 0x8f, 0xbf, 0x95, - 0xd2, 0xe7, 0xda, 0x37, 0x0c, 0x1c, 0x4e, 0x51, 0xca, 0x0c, 0xcd, 0xd1, 0x3e, 0x19, 0x9a, 0x1f, - 0x86, 0xf1, 0x84, 0x38, 0x4d, 0x91, 0x30, 0x20, 0xd6, 0x15, 0x3a, 0x4e, 0xa3, 0x51, 0xd8, 0xa4, - 0xa3, 0xdd, 0x68, 0xca, 0x71, 0x5d, 0x12, 0xc7, 0x32, 0x05, 0x53, 0xec, 0x79, 0xe4, 0x96, 0xdf, - 0xc9, 0xb6, 0x92, 0x16, 0x52, 0x22, 0x70, 0x46, 0x24, 0x55, 0xde, 0xf1, 0x7d, 0x9e, 0x6d, 0x4d, - 0xe4, 0xa5, 0x8e, 0xba, 0x44, 0xb8, 0x46, 0x61, 0x93, 0xce, 0xfe, 0xf5, 0x02, 0xbc, 0xf4, 0x50, - 0xf3, 0x32, 0x70, 0x76, 0x6c, 0x3b, 0x26, 0x51, 0x36, 0xce, 0x71, 0x2b, 0x26, 0x11, 0x66, 0x18, - 0xde, 0x4a, 0xad, 0x96, 0x71, 0xe9, 0x41, 0xde, 0xc9, 0xd8, 0xbc, 0x95, 0x52, 0x22, 0x70, 0x46, - 0x64, 0xb6, 0x95, 0x46, 0x06, 0x6c, 0xa5, 0x7f, 0x58, 0x80, 0x97, 0x07, 0x30, 0xc2, 0x39, 0x26, - 0xad, 0xa7, 0x93, 0xfe, 0x8b, 0x4f, 0x26, 0xe9, 0xff, 0x51, 0x9b, 0xeb, 0xdb, 0x05, 0xb8, 0xd8, - 0xdf, 0x16, 0xa2, 0x9f, 0xa4, 0x6b, 0x13, 0x99, 0xc3, 0x60, 0x1e, 0x18, 0x38, 0xc7, 0xd7, 0x25, - 0x29, 0x14, 0xce, 0xd2, 0xa2, 0x39, 0x80, 0x96, 0x93, 0xec, 0xc6, 0x57, 0x0f, 0xbc, 0x38, 0x11, - 0x47, 0xdd, 0xa6, 0xf8, 0x0e, 0xb3, 0x84, 0x62, 0x83, 0x82, 0x8a, 0x63, 0xff, 0x96, 0xc2, 0xf5, - 0x30, 0xe1, 0x0f, 0x71, 0x3f, 0xee, 0x1c, 0xbf, 0x85, 0x35, 0x85, 0xc2, 0x59, 0x5a, 0x2a, 0x8e, - 0xc5, 0x30, 0xb8, 0xa2, 0xe2, 0xc6, 0x5a, 0x2a, 0x6e, 0x55, 0x41, 0xb1, 0x41, 0x91, 0x3d, 0x0a, - 0x51, 0x1a, 0xe0, 0x28, 0xc4, 0x3f, 0x2d, 0xc0, 0xf3, 0x7d, 0xe7, 0xd2, 0xc1, 0x06, 0xe0, 
0xd3, - 0x77, 0x06, 0xe2, 0xd1, 0xfa, 0xce, 0x90, 0x99, 0xfd, 0xff, 0xb9, 0x4f, 0x4f, 0x13, 0x99, 0xfd, - 0xd9, 0xa9, 0xc2, 0x1a, 0x76, 0xaa, 0x78, 0x8a, 0xda, 0xb3, 0x2b, 0x99, 0x7f, 0x64, 0x88, 0x64, - 0xfe, 0xcc, 0xc7, 0x28, 0x0d, 0x38, 0x90, 0xbf, 0xdb, 0xbf, 0x79, 0xa9, 0xef, 0x3d, 0xd0, 0xae, - 0xcf, 0x12, 0x9c, 0x15, 0x57, 0x5f, 0x6f, 0xb5, 0x77, 0xc4, 0x41, 0xc8, 0x42, 0xfa, 0x02, 0x90, - 0x95, 0x0c, 0x1e, 0x77, 0x3d, 0xf1, 0x14, 0x1e, 0xae, 0x78, 0xc4, 0x26, 0xfd, 0x24, 0x54, 0x14, - 0x6f, 0x9e, 0x70, 0xa8, 0x3e, 0x68, 0x57, 0xc2, 0xa1, 0xfa, 0x9a, 0x06, 0x15, 0x6d, 0x89, 0x3d, - 0xd2, 0xc9, 0xf6, 0xcc, 0x9b, 0xa4, 0xc3, 0x82, 0x8f, 0xf6, 0x8f, 0xc1, 0x84, 0x5a, 0x44, 0x0e, - 0x5a, 0x84, 0xd0, 0xfe, 0x1f, 0x23, 0x30, 0x99, 0x3a, 0xf0, 0x9e, 0xda, 0x0a, 0xb1, 0x8e, 0xdd, - 0x0a, 0x61, 0x29, 0x9a, 0xed, 0x40, 0xd6, 0xe8, 0x34, 0x52, 0x34, 0xdb, 0x01, 0xc1, 0x1c, 0x47, - 0x97, 0xee, 0xb5, 0xa8, 0x83, 0xdb, 0x81, 0x48, 0xf4, 0x52, 0x4b, 0xf7, 0x25, 0x06, 0xc5, 0x02, - 0x8b, 0x3e, 0x63, 0xc1, 0x44, 0xcc, 0xf6, 0xd9, 0xf8, 0x46, 0x92, 0xf8, 0xa0, 0x37, 0xf2, 0xb8, - 0x9b, 0x51, 0x14, 0x77, 0x60, 0x31, 0x62, 0x13, 0x82, 0x53, 0x12, 0xd1, 0x2f, 0x5b, 0xe6, 0xad, - 0x94, 0xa3, 0x79, 0x24, 0x28, 0x66, 0xeb, 0x09, 0xf0, 0x6d, 0x96, 0x87, 0x5f, 0x4e, 0x19, 0xab, - 0x5d, 0x9e, 0xb1, 0xd3, 0xd9, 0xe5, 0x81, 0x1e, 0x3b, 0x3c, 0x1f, 0x82, 0x4a, 0xd3, 0x09, 0xbc, - 0x3a, 0x89, 0x93, 0x78, 0xa6, 0x6c, 0x94, 0x39, 0x91, 0x40, 0xac, 0xf1, 0x74, 0xb2, 0x8b, 0xd9, - 0x8b, 0xf1, 0xb8, 0x58, 0x45, 0x97, 0xcb, 0xdf, 0xd2, 0x60, 0x6c, 0xd2, 0xd8, 0xff, 0xc4, 0x82, - 0x0b, 0x3d, 0x1b, 0xe3, 0xe9, 0xcd, 0xa8, 0xa1, 0x13, 0xf4, 0xb9, 0x1e, 0x05, 0x21, 0x50, 0xe7, - 0xd4, 0x2e, 0x2f, 0x15, 0x15, 0x27, 0x26, 0xfb, 0xf6, 0x8d, 0xe1, 0xf6, 0x2a, 0xf5, 0x7e, 0x61, - 0xf1, 0xb1, 0xee, 0x17, 0x52, 0x57, 0xd0, 0xb8, 0x66, 0x17, 0xfd, 0x82, 0x59, 0xfb, 0xc4, 0xca, - 0xab, 0x4e, 0x07, 0x67, 0xae, 0x6a, 0xa7, 0xf0, 0x56, 0xeb, 0x55, 0x4a, 0x25, 0xdb, 0x5f, 0x0b, - 0xc7, 0xf7, 0x57, 0xe4, 0xcb, 
0x22, 0x33, 0xc5, 0xfc, 0x8b, 0xcc, 0x54, 0xba, 0x0a, 0xcc, 0xfc, - 0x6d, 0x8b, 0xf7, 0xb4, 0xcc, 0x2b, 0x69, 0x0b, 0x6b, 0x3d, 0xc4, 0xc2, 0xbe, 0xca, 0xae, 0x83, - 0xa9, 0x5f, 0x27, 0x8e, 0x2f, 0x2c, 0xb1, 0x79, 0xb3, 0x0b, 0x83, 0x63, 0x45, 0xc1, 0x8a, 0x47, - 0xfb, 0x7e, 0x78, 0xff, 0x6a, 0xb3, 0x95, 0x74, 0x84, 0x4d, 0xd6, 0xc5, 0xa3, 0x15, 0x06, 0x1b, - 0x54, 0xf6, 0x9f, 0x59, 0xfc, 0x73, 0x8a, 0xb0, 0xcf, 0x9b, 0x99, 0x62, 0xa7, 0x83, 0x47, 0x4c, - 0x7e, 0x0e, 0xc0, 0x55, 0x37, 0x41, 0xe4, 0x73, 0xfb, 0xae, 0xbe, 0x59, 0xc2, 0xbc, 0x12, 0x56, - 0xc2, 0xb0, 0x21, 0x2f, 0x35, 0x78, 0x8a, 0xc7, 0x0d, 0x1e, 0xfb, 0x4f, 0x2d, 0x48, 0x4d, 0x16, - 0xa8, 0x05, 0x25, 0xaa, 0x41, 0x27, 0x9f, 0x7b, 0x2b, 0x4c, 0xd6, 0x74, 0x60, 0x89, 0x6e, 0xc1, - 0x7e, 0x62, 0x2e, 0x08, 0xf9, 0x22, 0xe0, 0x53, 0xc8, 0xe3, 0x6e, 0x15, 0x53, 0xe0, 0xf5, 0x30, - 0xdc, 0xe3, 0x1b, 0xda, 0x3a, 0x78, 0x64, 0xbf, 0x09, 0xd3, 0x5d, 0x4a, 0xb1, 0x52, 0x85, 0xa1, - 0xbc, 0xac, 0xc3, 0xe8, 0x81, 0xac, 0x70, 0x2a, 0xe6, 0x38, 0xfb, 0xdb, 0x16, 0x9c, 0xcd, 0xb2, - 0x47, 0xdf, 0xb0, 0x60, 0x3a, 0xce, 0xf2, 0x3b, 0xad, 0xb6, 0x53, 0xc9, 0x10, 0x5d, 0x28, 0xdc, - 0xad, 0x84, 0xfd, 0xff, 0x84, 0x79, 0xba, 0xe3, 0x05, 0xb5, 0xf0, 0xbe, 0x9a, 0x5c, 0xac, 0xbe, - 0x93, 0x0b, 0x1d, 0x62, 0xee, 0x2e, 0xa9, 0xb5, 0xfd, 0xae, 0xe3, 0x1e, 0x5b, 0x02, 0x8e, 0x15, - 0x45, 0xea, 0x66, 0xcc, 0xe2, 0xb1, 0x37, 0x63, 0xbe, 0x01, 0x13, 0xe6, 0x85, 0x34, 0xe2, 0xec, - 0x38, 0xf3, 0x55, 0xcc, 0xbb, 0x6b, 0x70, 0x8a, 0x2a, 0x73, 0x25, 0x61, 0xe9, 0xd8, 0x2b, 0x09, - 0x5f, 0x81, 0xb2, 0xb8, 0x5e, 0x4f, 0xa6, 0x0c, 0xf1, 0xb3, 0x24, 0x02, 0x86, 0x15, 0x96, 0x1a, - 0x88, 0xa6, 0x13, 0xb4, 0x1d, 0x9f, 0xb6, 0x90, 0x38, 0x62, 0xa6, 0x46, 0xd6, 0x9a, 0xc2, 0x60, - 0x83, 0x8a, 0xbe, 0x71, 0xe2, 0x35, 0xc9, 0xbb, 0x61, 0x20, 0x83, 0xed, 0x7a, 0xbb, 0x4f, 0xc0, - 0xb1, 0xa2, 0xb0, 0xff, 0xbb, 0x05, 0xd9, 0xbb, 0xc1, 0x52, 0x0b, 0x40, 0xeb, 0xd8, 0x63, 0x6d, - 0xe9, 0x23, 0x3b, 0x85, 0x81, 0x8e, 0xec, 0x98, 0xa7, 0x69, 0x8a, 
0x0f, 0x3d, 0x4d, 0xf3, 0x23, - 0xba, 0xe0, 0x35, 0x3f, 0x76, 0x33, 0xde, 0xab, 0xd8, 0x35, 0xb2, 0x61, 0xd4, 0x75, 0xd4, 0xa9, - 0xe1, 0x09, 0xee, 0x56, 0x2d, 0x2e, 0x30, 0x22, 0x81, 0xa9, 0xee, 0x7c, 0xe7, 0x07, 0x97, 0x9e, - 0xf9, 0xee, 0x0f, 0x2e, 0x3d, 0xf3, 0x07, 0x3f, 0xb8, 0xf4, 0xcc, 0x67, 0x8e, 0x2e, 0x59, 0xdf, - 0x39, 0xba, 0x64, 0x7d, 0xf7, 0xe8, 0x92, 0xf5, 0x07, 0x47, 0x97, 0xac, 0xef, 0x1f, 0x5d, 0xb2, - 0xbe, 0xfa, 0x5f, 0x2f, 0x3d, 0xf3, 0x6e, 0xcf, 0xe4, 0x08, 0xfa, 0xe3, 0x35, 0xb7, 0x36, 0xbf, - 0x7f, 0x85, 0xc5, 0xe7, 0xe9, 0x68, 0x98, 0x37, 0xba, 0xc0, 0xbc, 0x1c, 0x0d, 0xff, 0x3f, 0x00, - 0x00, 0xff, 0xff, 0xf8, 0x50, 0x29, 0x0f, 0x69, 0xb2, 0x00, 0x00, + 0x83, 0xc4, 0x6b, 0x92, 0xae, 0x07, 0x3e, 0x7c, 0xdc, 0x03, 0xb1, 0xbb, 0x4b, 0x9a, 0x4e, 0xf6, + 0x39, 0xfb, 0x6d, 0x98, 0x5c, 0xb8, 0xb3, 0xb5, 0xd0, 0x4e, 0x76, 0x17, 0xc3, 0xa0, 0xee, 0x35, + 0xd0, 0x87, 0x60, 0xdc, 0xf5, 0xdb, 0x71, 0x42, 0xa2, 0x75, 0xa7, 0x49, 0x66, 0xac, 0xcb, 0xd6, + 0x8b, 0x95, 0xea, 0xb9, 0xef, 0x1c, 0xce, 0xbe, 0xef, 0xe8, 0x70, 0x76, 0x7c, 0x51, 0xa3, 0xb0, + 0x49, 0x87, 0x7e, 0x14, 0xc6, 0xa2, 0xd0, 0x27, 0x0b, 0x78, 0x7d, 0xa6, 0xc0, 0x1e, 0x39, 0x23, + 0x1e, 0x19, 0xc3, 0x1c, 0x8c, 0x25, 0xde, 0xfe, 0x83, 0x02, 0xc0, 0x42, 0xab, 0xb5, 0x19, 0x85, + 0x77, 0x89, 0x9b, 0xa0, 0x4f, 0x41, 0x99, 0xb6, 0x42, 0xcd, 0x49, 0x1c, 0x26, 0x6d, 0xfc, 0xca, + 0x5f, 0x9d, 0xe3, 0x2f, 0x33, 0x67, 0xbe, 0x8c, 0xee, 0x03, 0x94, 0x7a, 0x6e, 0xff, 0x95, 0xb9, + 0x8d, 0x1d, 0xfa, 0xfc, 0x1a, 0x49, 0x9c, 0x2a, 0x12, 0xc2, 0x40, 0xc3, 0xb0, 0xe2, 0x8a, 0x02, + 0x18, 0x89, 0x5b, 0xc4, 0x65, 0x8a, 0x8d, 0x5f, 0x59, 0x9d, 0x3b, 0x49, 0x67, 0x9b, 0xd3, 0x9a, + 0x6f, 0xb5, 0x88, 0x5b, 0x9d, 0x10, 0x92, 0x47, 0xe8, 0x3f, 0xcc, 0xe4, 0xa0, 0x7d, 0x18, 0x8d, + 0x13, 0x27, 0x69, 0xc7, 0x33, 0x45, 0x26, 0x71, 0x3d, 0x37, 0x89, 0x8c, 0x6b, 0x75, 0x4a, 0xc8, + 0x1c, 0xe5, 0xff, 0xb1, 0x90, 0x66, 0xff, 0x57, 0x0b, 0xa6, 0x34, 0xf1, 0xaa, 0x17, 0x27, 0xe8, + 0x67, 0xba, 0x1a, 0x77, 0x6e, 0xb0, 
0xc6, 0xa5, 0x4f, 0xb3, 0xa6, 0x3d, 0x2b, 0x84, 0x95, 0x25, + 0xc4, 0x68, 0xd8, 0x26, 0x94, 0xbc, 0x84, 0x34, 0xe3, 0x99, 0xc2, 0xe5, 0xe2, 0x8b, 0xe3, 0x57, + 0xae, 0xe7, 0xf5, 0x9e, 0xd5, 0x49, 0x21, 0xb4, 0xb4, 0x42, 0xd9, 0x63, 0x2e, 0xc5, 0xfe, 0xed, + 0x09, 0xf3, 0xfd, 0x68, 0x83, 0xa3, 0x57, 0x60, 0x3c, 0x0e, 0xdb, 0x91, 0x4b, 0x30, 0x69, 0x85, + 0xf1, 0x8c, 0x75, 0xb9, 0x48, 0xbb, 0x1e, 0xed, 0xa9, 0x5b, 0x1a, 0x8c, 0x4d, 0x1a, 0xf4, 0x25, + 0x0b, 0x26, 0x6a, 0x24, 0x4e, 0xbc, 0x80, 0xc9, 0x97, 0xca, 0x6f, 0x9f, 0x58, 0x79, 0x09, 0x5c, + 0xd2, 0xcc, 0xab, 0xe7, 0xc5, 0x8b, 0x4c, 0x18, 0xc0, 0x18, 0xa7, 0xe4, 0xd3, 0x11, 0x57, 0x23, + 0xb1, 0x1b, 0x79, 0x2d, 0xfa, 0x9f, 0xf5, 0x19, 0x63, 0xc4, 0x2d, 0x69, 0x14, 0x36, 0xe9, 0x50, + 0x00, 0x25, 0x3a, 0xa2, 0xe2, 0x99, 0x11, 0xa6, 0xff, 0xca, 0xc9, 0xf4, 0x17, 0x8d, 0x4a, 0x07, + 0xab, 0x6e, 0x7d, 0xfa, 0x2f, 0xc6, 0x5c, 0x0c, 0xfa, 0xa2, 0x05, 0x33, 0x62, 0xc4, 0x63, 0xc2, + 0x1b, 0xf4, 0xce, 0xae, 0x97, 0x10, 0xdf, 0x8b, 0x93, 0x99, 0x12, 0xd3, 0x61, 0x7e, 0xb0, 0xbe, + 0xb5, 0x1c, 0x85, 0xed, 0xd6, 0x4d, 0x2f, 0xa8, 0x55, 0x2f, 0x0b, 0x49, 0x33, 0x8b, 0x7d, 0x18, + 0xe3, 0xbe, 0x22, 0xd1, 0xd7, 0x2c, 0xb8, 0x18, 0x38, 0x4d, 0x12, 0xb7, 0x1c, 0xfa, 0x69, 0x39, + 0xba, 0xea, 0x3b, 0xee, 0x1e, 0xd3, 0x68, 0xf4, 0xe1, 0x34, 0xb2, 0x85, 0x46, 0x17, 0xd7, 0xfb, + 0xb2, 0xc6, 0x0f, 0x10, 0x8b, 0x7e, 0xc3, 0x82, 0xe9, 0x30, 0x6a, 0xed, 0x3a, 0x01, 0xa9, 0x49, + 0x6c, 0x3c, 0x33, 0xc6, 0x86, 0xde, 0x27, 0x4e, 0xf6, 0x89, 0x36, 0xb2, 0x6c, 0xd7, 0xc2, 0xc0, + 0x4b, 0xc2, 0x68, 0x8b, 0x24, 0x89, 0x17, 0x34, 0xe2, 0xea, 0x85, 0xa3, 0xc3, 0xd9, 0xe9, 0x2e, + 0x2a, 0xdc, 0xad, 0x0f, 0xfa, 0x59, 0x18, 0x8f, 0x3b, 0x81, 0x7b, 0xc7, 0x0b, 0x6a, 0xe1, 0xbd, + 0x78, 0xa6, 0x9c, 0xc7, 0xf0, 0xdd, 0x52, 0x0c, 0xc5, 0x00, 0xd4, 0x02, 0xb0, 0x29, 0xad, 0xf7, + 0x87, 0xd3, 0x5d, 0xa9, 0x92, 0xf7, 0x87, 0xd3, 0x9d, 0xe9, 0x01, 0x62, 0xd1, 0xaf, 0x5a, 0x30, + 0x19, 0x7b, 0x8d, 0xc0, 0x49, 0xda, 0x11, 0xb9, 0x49, 0x3a, 0xf1, 0x0c, 
0x30, 0x45, 0x6e, 0x9c, + 0xb0, 0x55, 0x0c, 0x96, 0xd5, 0x0b, 0x42, 0xc7, 0x49, 0x13, 0x1a, 0xe3, 0xb4, 0xdc, 0x5e, 0x03, + 0x4d, 0x77, 0xeb, 0xf1, 0x7c, 0x07, 0x9a, 0xee, 0xd4, 0x7d, 0x45, 0xa2, 0x9f, 0x82, 0xb3, 0x1c, + 0xa4, 0x5a, 0x36, 0x9e, 0x99, 0x60, 0x86, 0xf6, 0xfc, 0xd1, 0xe1, 0xec, 0xd9, 0xad, 0x0c, 0x0e, + 0x77, 0x51, 0xa3, 0xb7, 0x61, 0xb6, 0x45, 0xa2, 0xa6, 0x97, 0x6c, 0x04, 0x7e, 0x47, 0x9a, 0x6f, + 0x37, 0x6c, 0x91, 0x9a, 0x50, 0x27, 0x9e, 0x99, 0xbc, 0x6c, 0xbd, 0x58, 0xae, 0x7e, 0x40, 0xa8, + 0x39, 0xbb, 0xf9, 0x60, 0x72, 0x7c, 0x1c, 0x3f, 0xfb, 0xdf, 0x16, 0xe0, 0x6c, 0x76, 0xe2, 0x44, + 0xbf, 0x65, 0xc1, 0x99, 0xbb, 0xf7, 0x92, 0xed, 0x70, 0x8f, 0x04, 0x71, 0xb5, 0x43, 0xcd, 0x1b, + 0x9b, 0x32, 0xc6, 0xaf, 0xb8, 0xf9, 0x4e, 0xd1, 0x73, 0x37, 0xd2, 0x52, 0xae, 0x06, 0x49, 0xd4, + 0xa9, 0x3e, 0x2d, 0xde, 0xee, 0xcc, 0x8d, 0x3b, 0xdb, 0x26, 0x16, 0x67, 0x95, 0xba, 0xf8, 0x79, + 0x0b, 0xce, 0xf7, 0x62, 0x81, 0xce, 0x42, 0x71, 0x8f, 0x74, 0xb8, 0x57, 0x86, 0xe9, 0x4f, 0xf4, + 0x71, 0x28, 0xed, 0x3b, 0x7e, 0x9b, 0x08, 0xef, 0x66, 0xf9, 0x64, 0x2f, 0xa2, 0x34, 0xc3, 0x9c, + 0xeb, 0x8f, 0x17, 0x5e, 0xb3, 0xec, 0xff, 0x50, 0x84, 0x71, 0x63, 0x7e, 0x7b, 0x04, 0x1e, 0x5b, + 0x98, 0xf2, 0xd8, 0xd6, 0x72, 0x9b, 0x9a, 0xfb, 0xba, 0x6c, 0xf7, 0x32, 0x2e, 0xdb, 0x46, 0x7e, + 0x22, 0x1f, 0xe8, 0xb3, 0xa1, 0x04, 0x2a, 0x61, 0x8b, 0x7a, 0xe4, 0x74, 0xea, 0x1f, 0xc9, 0xe3, + 0x13, 0x6e, 0x48, 0x76, 0xd5, 0xc9, 0xa3, 0xc3, 0xd9, 0x8a, 0xfa, 0x8b, 0xb5, 0x20, 0xfb, 0x7b, + 0x16, 0x9c, 0x37, 0x74, 0x5c, 0x0c, 0x83, 0x9a, 0xc7, 0x3e, 0xed, 0x65, 0x18, 0x49, 0x3a, 0x2d, + 0xe9, 0xf6, 0xab, 0x96, 0xda, 0xee, 0xb4, 0x08, 0x66, 0x18, 0xea, 0xe8, 0x37, 0x49, 0x1c, 0x3b, + 0x0d, 0x92, 0x75, 0xf4, 0xd7, 0x38, 0x18, 0x4b, 0x3c, 0x8a, 0x00, 0xf9, 0x4e, 0x9c, 0x6c, 0x47, + 0x4e, 0x10, 0x33, 0xf6, 0xdb, 0x5e, 0x93, 0x88, 0x06, 0xfe, 0x2b, 0x83, 0xf5, 0x18, 0xfa, 0x44, + 0xf5, 0xa9, 0xa3, 0xc3, 0x59, 0xb4, 0xda, 0xc5, 0x09, 0xf7, 0xe0, 0x6e, 0x7f, 0xcd, 0x82, 0xa7, + 0x7a, 0xfb, 
0x62, 0xe8, 0xfd, 0x30, 0xca, 0x57, 0x6f, 0xe2, 0xed, 0xf4, 0x27, 0x61, 0x50, 0x2c, + 0xb0, 0x68, 0x1e, 0x2a, 0x6a, 0x9e, 0x10, 0xef, 0x38, 0x2d, 0x48, 0x2b, 0x7a, 0x72, 0xd1, 0x34, + 0xb4, 0xd1, 0xe8, 0x1f, 0xe1, 0xb9, 0xa9, 0x46, 0x63, 0x8b, 0x24, 0x86, 0xb1, 0xff, 0xd8, 0x82, + 0x33, 0x86, 0x56, 0x8f, 0xc0, 0x35, 0x0f, 0xd2, 0xae, 0xf9, 0x4a, 0x6e, 0xfd, 0xb9, 0x8f, 0x6f, + 0x7e, 0x54, 0x60, 0xbe, 0xb9, 0xea, 0xf5, 0xe4, 0x51, 0x2c, 0xec, 0xa2, 0x94, 0x99, 0xd8, 0xcc, + 0x6f, 0xcc, 0x92, 0xfe, 0x8b, 0xbb, 0x77, 0x32, 0x96, 0x02, 0xe7, 0x2a, 0xf5, 0xc1, 0x0b, 0xbc, + 0x3f, 0x2d, 0xc0, 0xd3, 0xe9, 0x07, 0xf4, 0xc8, 0xfd, 0x48, 0x6a, 0xe4, 0x7e, 0xd0, 0x1c, 0xb9, + 0xf7, 0x0f, 0x67, 0x9f, 0xed, 0xf3, 0xd8, 0x0f, 0xcc, 0xc0, 0x46, 0xcb, 0xaa, 0xdd, 0x47, 0x98, + 0x76, 0xf3, 0xe9, 0x36, 0xba, 0x7f, 0x38, 0xfb, 0x7c, 0x9f, 0x77, 0xcc, 0x58, 0xdc, 0xf7, 0xc3, + 0x68, 0x44, 0x9c, 0x38, 0x0c, 0x66, 0x4a, 0x69, 0x33, 0x80, 0x19, 0x14, 0x0b, 0xac, 0xfd, 0xc7, + 0xe5, 0x6c, 0x63, 0x2f, 0xf3, 0xbd, 0x93, 0x30, 0x42, 0x1e, 0x8c, 0x30, 0x6f, 0x8c, 0x77, 0xeb, + 0x9b, 0x27, 0xeb, 0x02, 0x74, 0xf4, 0x2a, 0xd6, 0xd5, 0x32, 0xfd, 0x6a, 0x14, 0x84, 0x99, 0x08, + 0x74, 0x00, 0x65, 0x57, 0x3a, 0x49, 0x85, 0x3c, 0xb6, 0x13, 0x84, 0x8b, 0xa4, 0x25, 0x4e, 0x50, + 0x13, 0xa2, 0x3c, 0x2b, 0x25, 0x0d, 0x11, 0x28, 0x36, 0xbc, 0x44, 0x7c, 0xd6, 0x13, 0xba, 0xc1, + 0xcb, 0x9e, 0xf1, 0x8a, 0x63, 0x47, 0x87, 0xb3, 0xc5, 0x65, 0x2f, 0xc1, 0x94, 0x3f, 0xfa, 0x15, + 0x0b, 0xc6, 0x63, 0xb7, 0xb9, 0x19, 0x85, 0xfb, 0x5e, 0x8d, 0x44, 0x62, 0x12, 0x3c, 0xe1, 0xb0, + 0xda, 0x5a, 0x5c, 0x93, 0x0c, 0xb5, 0x5c, 0xbe, 0x2c, 0xd1, 0x18, 0x6c, 0xca, 0xa5, 0xce, 0xe1, + 0xd3, 0xe2, 0xdd, 0x97, 0x88, 0xeb, 0xc5, 0x74, 0xca, 0x14, 0xbe, 0x30, 0xeb, 0x29, 0x27, 0x76, + 0x0a, 0x96, 0xda, 0xee, 0x1e, 0x1d, 0x6f, 0x5a, 0xa1, 0x67, 0x8f, 0x0e, 0x67, 0x9f, 0x5e, 0xec, + 0x2d, 0x13, 0xf7, 0x53, 0x86, 0x35, 0x58, 0xab, 0xed, 0xfb, 0x98, 0xbc, 0xdd, 0x26, 0x6c, 0xa5, + 0x9b, 0x43, 0x83, 0x6d, 0x6a, 0x86, 0x99, 0x06, 
0x33, 0x30, 0xd8, 0x94, 0x8b, 0xde, 0x86, 0xd1, + 0xa6, 0x93, 0x44, 0xde, 0x81, 0x58, 0xde, 0x9e, 0xd0, 0x4d, 0x5b, 0x63, 0xbc, 0xb4, 0x70, 0xa0, + 0x63, 0x92, 0x03, 0xb1, 0x10, 0x84, 0x9a, 0x50, 0x6a, 0x92, 0xa8, 0x41, 0x66, 0xca, 0x79, 0x6c, + 0xe5, 0xad, 0x51, 0x56, 0x5a, 0x60, 0x85, 0x4e, 0x6a, 0x0c, 0x86, 0xb9, 0x14, 0xf4, 0x71, 0x28, + 0xc7, 0xc4, 0x27, 0x6e, 0x12, 0x46, 0x33, 0x15, 0x26, 0xf1, 0xc7, 0x06, 0x9c, 0xa2, 0x9d, 0x1d, + 0xe2, 0x6f, 0x89, 0x47, 0xf9, 0x00, 0x93, 0xff, 0xb0, 0x62, 0x69, 0xff, 0x77, 0x0b, 0x50, 0xda, + 0xc2, 0x3c, 0x02, 0xc7, 0xe0, 0xed, 0xb4, 0x63, 0xb0, 0x9a, 0xe7, 0xf4, 0xd5, 0xc7, 0x37, 0xf8, + 0x4e, 0x19, 0x32, 0xb6, 0x79, 0x9d, 0xc4, 0x09, 0xa9, 0xbd, 0x67, 0x4f, 0xdf, 0xb3, 0xa7, 0xef, + 0xd9, 0x53, 0x65, 0x4f, 0x77, 0x32, 0xf6, 0xf4, 0x0d, 0x63, 0xd4, 0xeb, 0x33, 0xa6, 0x4f, 0xaa, + 0x43, 0x28, 0x53, 0x03, 0x83, 0x80, 0x5a, 0x82, 0x1b, 0x5b, 0x1b, 0xeb, 0x3d, 0x0d, 0xe8, 0x27, + 0xd3, 0x06, 0xf4, 0xa4, 0x22, 0x1e, 0xb9, 0xc9, 0x3c, 0x2a, 0x66, 0x4d, 0x26, 0x3b, 0x06, 0xb8, + 0x02, 0xd0, 0x08, 0xb7, 0x49, 0xb3, 0xe5, 0x3b, 0x09, 0x77, 0x81, 0xcb, 0x7a, 0xe9, 0xb0, 0xac, + 0x30, 0xd8, 0xa0, 0x42, 0x7f, 0xd3, 0x02, 0x68, 0xc8, 0x4f, 0x23, 0xcd, 0xe1, 0xad, 0x3c, 0xcd, + 0xa1, 0xfe, 0xf0, 0x5a, 0x17, 0x25, 0x10, 0x1b, 0xc2, 0xd1, 0x67, 0x2d, 0x28, 0x27, 0x52, 0x7d, + 0x6e, 0x20, 0xb6, 0xf3, 0xd4, 0x44, 0xbe, 0xb4, 0x9e, 0x19, 0x54, 0x93, 0x28, 0xb9, 0xe8, 0x6f, + 0x58, 0x00, 0x71, 0x27, 0x70, 0x37, 0x43, 0xdf, 0x73, 0x3b, 0xc2, 0x6e, 0xdc, 0xce, 0x75, 0x79, + 0xa3, 0xb8, 0x57, 0xa7, 0x68, 0x6b, 0xe8, 0xff, 0xd8, 0x90, 0x6c, 0x7f, 0x33, 0xbd, 0x3b, 0xa1, + 0xd6, 0x45, 0xec, 0x93, 0xb9, 0xd2, 0xad, 0x8f, 0xc5, 0xd6, 0x5d, 0xae, 0x9f, 0x4c, 0x2d, 0x1a, + 0xf4, 0x27, 0x53, 0xa0, 0x18, 0x1b, 0xc2, 0xed, 0xcf, 0x58, 0x30, 0xd3, 0xef, 0xed, 0x10, 0x81, + 0x67, 0x5b, 0x11, 0x61, 0x63, 0x48, 0x6d, 0xba, 0x6f, 0x04, 0x4b, 0xc4, 0x27, 0x6c, 0x9f, 0x87, + 0x77, 0xd0, 0x17, 0x84, 0x84, 0x67, 0x37, 0xfb, 0x93, 0xe2, 0x07, 0xf1, 0xb1, 0x7f, 
0xb3, 0x90, + 0xda, 0xec, 0x30, 0x3e, 0x34, 0xfa, 0xba, 0xd5, 0xe5, 0x45, 0xfc, 0xf4, 0x69, 0xf4, 0x28, 0xe6, + 0x6f, 0xa8, 0xbd, 0xf7, 0xfe, 0x34, 0x8f, 0x71, 0x73, 0xcf, 0xfe, 0xf7, 0x23, 0xf0, 0x00, 0xcd, + 0xd4, 0xf6, 0x8d, 0xd5, 0x6f, 0xfb, 0x66, 0xf8, 0x1d, 0xa1, 0x2f, 0x58, 0x30, 0xea, 0x53, 0x83, + 0x16, 0xcf, 0x14, 0x59, 0x27, 0xad, 0x9d, 0x56, 0xdb, 0x73, 0xbb, 0x19, 0xf3, 0x0d, 0x66, 0xb5, + 0x94, 0xe5, 0x40, 0x2c, 0x74, 0x40, 0xdf, 0xb0, 0x60, 0xdc, 0x09, 0x82, 0x30, 0x11, 0x27, 0x9e, + 0xfc, 0xc4, 0xd0, 0x3b, 0x35, 0x9d, 0x16, 0xb4, 0x2c, 0xae, 0x98, 0x3a, 0xcd, 0x34, 0x30, 0xd8, + 0x54, 0x09, 0xcd, 0x01, 0xd4, 0xbd, 0xc0, 0xf1, 0xbd, 0x77, 0xa8, 0x63, 0x56, 0x62, 0xc7, 0x0b, + 0xcc, 0x46, 0x5c, 0x53, 0x50, 0x6c, 0x50, 0x5c, 0xfc, 0xeb, 0x30, 0x6e, 0xbc, 0x79, 0x8f, 0x7d, + 0xf1, 0xf3, 0xe6, 0xbe, 0x78, 0xc5, 0xd8, 0xce, 0xbe, 0xf8, 0x06, 0x9c, 0xcd, 0x2a, 0x38, 0xcc, + 0xf3, 0xf6, 0x6f, 0x8d, 0xc2, 0x6c, 0xf6, 0xe5, 0xa3, 0x26, 0x55, 0xed, 0x3d, 0x87, 0xf6, 0x3d, + 0x87, 0xf6, 0x3d, 0x87, 0x56, 0xfe, 0xb1, 0xbf, 0x5d, 0x82, 0x69, 0x73, 0xa0, 0x70, 0xed, 0x7e, + 0x14, 0xc6, 0x22, 0xd2, 0x0a, 0x6f, 0xe1, 0x55, 0x61, 0x71, 0x75, 0xa4, 0x10, 0x07, 0x63, 0x89, + 0xa7, 0x96, 0xb9, 0xe5, 0x24, 0xbb, 0xc2, 0xe4, 0x2a, 0xcb, 0xbc, 0xe9, 0x24, 0xbb, 0x98, 0x61, + 0xd0, 0x1b, 0x30, 0x95, 0x38, 0x51, 0x83, 0x24, 0x98, 0xec, 0xb3, 0x46, 0x10, 0xbb, 0x83, 0x4f, + 0x09, 0xda, 0xa9, 0xed, 0x14, 0x16, 0x67, 0xa8, 0xd1, 0xdb, 0x30, 0xb2, 0x4b, 0xfc, 0xa6, 0xf0, + 0xb8, 0xb7, 0xf2, 0xb3, 0x88, 0xec, 0x5d, 0xaf, 0x13, 0xbf, 0xc9, 0xc7, 0x2b, 0xfd, 0x85, 0x99, + 0x28, 0xfa, 0x75, 0x2a, 0x7b, 0xed, 0x38, 0x09, 0x9b, 0xde, 0x3b, 0xd2, 0x0f, 0xff, 0xe9, 0x9c, + 0x05, 0xdf, 0x94, 0xfc, 0xf9, 0x19, 0x90, 0xfa, 0x8b, 0xb5, 0x64, 0xa6, 0x47, 0xcd, 0x8b, 0x98, + 0x5f, 0xdd, 0x99, 0x81, 0x53, 0xd1, 0x63, 0x49, 0xf2, 0xe7, 0x7a, 0xa8, 0xbf, 0x58, 0x4b, 0x46, + 0x1d, 0x18, 0x6d, 0xf9, 0xed, 0x86, 0x17, 0xcc, 0x8c, 0x33, 0x1d, 0x6e, 0xe5, 0xac, 0xc3, 0x26, + 0x63, 0xce, 0x57, 0x43, 
0xfc, 0x37, 0x16, 0x02, 0xd1, 0x0b, 0x50, 0x72, 0x77, 0x9d, 0x28, 0x99, + 0x99, 0x60, 0x9d, 0x46, 0xed, 0x5e, 0x2c, 0x52, 0x20, 0xe6, 0x38, 0xfb, 0x1f, 0x14, 0xd2, 0xde, + 0x43, 0xfa, 0xc5, 0x78, 0x77, 0x76, 0xdb, 0x51, 0x2c, 0xd7, 0x1d, 0x46, 0x77, 0x66, 0x60, 0x2c, + 0xf1, 0xe8, 0x33, 0x16, 0x8c, 0xdd, 0x8d, 0xc3, 0x20, 0x20, 0x89, 0xb0, 0xd4, 0xb7, 0x73, 0x7e, + 0xd7, 0x1b, 0x9c, 0xbb, 0xd6, 0x41, 0x00, 0xb0, 0x94, 0x4b, 0xd5, 0x25, 0x07, 0xae, 0xdf, 0xae, + 0xc9, 0xe3, 0x2a, 0x45, 0x7a, 0x95, 0x83, 0xb1, 0xc4, 0x53, 0x52, 0x2f, 0xe0, 0xa4, 0x23, 0x69, + 0xd2, 0x95, 0x40, 0x90, 0x0a, 0xbc, 0xfd, 0x3b, 0x25, 0xb8, 0xd0, 0xb3, 0xf7, 0xd3, 0x79, 0x9d, + 0xcd, 0x9c, 0xd7, 0x3c, 0x9f, 0xc8, 0xf8, 0x2c, 0x36, 0xaf, 0xdf, 0x56, 0x50, 0x6c, 0x50, 0xa0, + 0x5f, 0x04, 0x68, 0x39, 0x91, 0xd3, 0x24, 0x62, 0x3e, 0x2b, 0x9e, 0x7c, 0xfa, 0xa4, 0x7a, 0x6c, + 0x4a, 0x9e, 0xda, 0xaf, 0x57, 0xa0, 0x18, 0x1b, 0x22, 0xd1, 0x87, 0x60, 0x3c, 0x22, 0x3e, 0x71, + 0x62, 0x16, 0xc0, 0x90, 0x8d, 0xc6, 0xc2, 0x1a, 0x85, 0x4d, 0x3a, 0xf4, 0x7e, 0x18, 0x65, 0x6f, + 0x21, 0x8f, 0x27, 0x94, 0x2b, 0xc6, 0xde, 0x33, 0xc6, 0x02, 0x8b, 0xbe, 0x6c, 0xc1, 0x54, 0xdd, + 0xf3, 0x89, 0x96, 0x2e, 0x62, 0xa7, 0x36, 0x4e, 0xfe, 0x92, 0xd7, 0x4c, 0xbe, 0xda, 0x04, 0xa6, + 0xc0, 0x31, 0xce, 0x88, 0xa7, 0x9f, 0x79, 0x9f, 0x44, 0xcc, 0x76, 0x8e, 0xa6, 0x3f, 0xf3, 0x6d, + 0x0e, 0xc6, 0x12, 0x8f, 0x16, 0xe0, 0x4c, 0xcb, 0x89, 0xe3, 0xc5, 0x88, 0xd4, 0x48, 0x90, 0x78, + 0x8e, 0xcf, 0x23, 0x9b, 0xca, 0x3a, 0xb2, 0x61, 0x33, 0x8d, 0xc6, 0x59, 0x7a, 0xf4, 0x51, 0x78, + 0xda, 0x6b, 0x04, 0x61, 0x44, 0xd6, 0xbc, 0x38, 0xf6, 0x82, 0x86, 0xee, 0x06, 0xcc, 0x14, 0x96, + 0xab, 0xb3, 0x82, 0xd5, 0xd3, 0x2b, 0xbd, 0xc9, 0x70, 0xbf, 0xe7, 0xd1, 0x4b, 0x50, 0x8e, 0xf7, + 0xbc, 0xd6, 0x62, 0x54, 0x8b, 0xd9, 0xd6, 0x43, 0x59, 0xaf, 0x76, 0xb7, 0x04, 0x1c, 0x2b, 0x0a, + 0xfb, 0xd7, 0x0a, 0xe9, 0xf5, 0x9b, 0x39, 0x7e, 0x50, 0x4c, 0x47, 0x49, 0x72, 0xdb, 0x89, 0xe4, + 0x22, 0xf3, 0x84, 0xb1, 0x51, 0x82, 0xef, 0x6d, 0x27, 0x32, 
0xc7, 0x1b, 0x13, 0x80, 0xa5, 0x24, + 0x74, 0x17, 0x46, 0x12, 0xdf, 0xc9, 0x29, 0x98, 0xd2, 0x90, 0xa8, 0x4f, 0xf1, 0x57, 0x17, 0x62, + 0xcc, 0x64, 0xa0, 0xe7, 0xa8, 0x7f, 0xba, 0xc3, 0x57, 0x27, 0x15, 0xe9, 0x52, 0xee, 0xc4, 0x98, + 0x41, 0xed, 0xff, 0x3d, 0xda, 0xc3, 0xe4, 0xa9, 0x49, 0x04, 0x5d, 0x01, 0xa0, 0x4b, 0x9d, 0xcd, + 0x88, 0xd4, 0xbd, 0x03, 0x31, 0x89, 0xab, 0x61, 0xb5, 0xae, 0x30, 0xd8, 0xa0, 0x92, 0xcf, 0x6c, + 0xb5, 0xeb, 0xf4, 0x99, 0x42, 0xf7, 0x33, 0x1c, 0x83, 0x0d, 0x2a, 0xf4, 0x2a, 0x8c, 0x7a, 0x4d, + 0xa7, 0x41, 0xa4, 0x9a, 0xcf, 0xd1, 0xf1, 0xb4, 0xc2, 0x20, 0xf7, 0x0f, 0x67, 0xa7, 0x94, 0x42, + 0x0c, 0x84, 0x05, 0x2d, 0xfa, 0x4d, 0x0b, 0x26, 0xdc, 0xb0, 0xd9, 0x0c, 0x03, 0xbe, 0x40, 0x10, + 0xab, 0x9d, 0xbb, 0xa7, 0x35, 0xc5, 0xce, 0x2d, 0x1a, 0xc2, 0xf8, 0x72, 0x47, 0x45, 0x7d, 0x9a, + 0x28, 0x9c, 0xd2, 0xca, 0x1c, 0x76, 0xa5, 0x63, 0x86, 0xdd, 0x3f, 0xb7, 0x60, 0x9a, 0x3f, 0x6b, + 0xac, 0x5b, 0x44, 0x80, 0x63, 0x78, 0xca, 0xaf, 0xd5, 0xb5, 0x94, 0x7b, 0x46, 0xa8, 0x39, 0xdd, + 0x85, 0xc7, 0xdd, 0x4a, 0xa2, 0x65, 0x98, 0xae, 0x87, 0x91, 0x4b, 0xcc, 0x86, 0x10, 0x36, 0x43, + 0x31, 0xba, 0x96, 0x25, 0xc0, 0xdd, 0xcf, 0xa0, 0xdb, 0xf0, 0x94, 0x01, 0x34, 0xdb, 0x81, 0x9b, + 0x8d, 0x4b, 0x82, 0xdb, 0x53, 0xd7, 0x7a, 0x52, 0xe1, 0x3e, 0x4f, 0x5f, 0xfc, 0x08, 0x4c, 0x77, + 0x7d, 0xbf, 0xa1, 0x56, 0x93, 0x4b, 0xf0, 0x54, 0xef, 0x96, 0x1a, 0x6a, 0x4d, 0xf9, 0xeb, 0x56, + 0xfa, 0xb0, 0xd9, 0xf0, 0x5c, 0x06, 0xd8, 0x9f, 0x70, 0xa0, 0x48, 0x82, 0x7d, 0x61, 0x38, 0xae, + 0x9d, 0xac, 0x47, 0x5c, 0x0d, 0xf6, 0xf9, 0x87, 0x66, 0x8b, 0xb0, 0xab, 0xc1, 0x3e, 0xa6, 0xbc, + 0xed, 0xbf, 0x33, 0x9a, 0x8a, 0x60, 0xd9, 0x92, 0x41, 0x53, 0x7c, 0xf9, 0x63, 0xe5, 0x1d, 0x34, + 0xc5, 0x43, 0x10, 0x75, 0x1c, 0x04, 0x5f, 0xf1, 0x08, 0x71, 0xe8, 0xf3, 0x16, 0x0b, 0x99, 0x96, + 0x91, 0x3d, 0xc2, 0x99, 0x3a, 0x9d, 0x08, 0x6e, 0x33, 0x10, 0x5b, 0x02, 0xb1, 0x29, 0x9d, 0x8e, + 0xe4, 0x16, 0x0f, 0xfe, 0xcb, 0xba, 0x54, 0x32, 0xa8, 0x5a, 0xe2, 0xd1, 0x41, 0x8f, 0x1d, 0xd6, + 
0x1c, 0xc2, 0x6e, 0x8f, 0xdf, 0x53, 0x45, 0xdf, 0xb0, 0x60, 0x9a, 0x4f, 0x9c, 0x4b, 0x5e, 0xbd, + 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xba, 0x1e, 0x77, 0x4e, 0xa6, 0x81, 0x5c, 0x77, 0xae, 0x64, 0xd9, + 0xeb, 0x21, 0xde, 0x85, 0xc2, 0xdd, 0xca, 0xa0, 0x1a, 0x8c, 0x78, 0x41, 0x3d, 0x14, 0x86, 0xad, + 0x7a, 0x32, 0xa5, 0x56, 0x82, 0x7a, 0xa8, 0xc7, 0x0a, 0xfd, 0x87, 0x19, 0x77, 0xb4, 0x0a, 0xe7, + 0x23, 0xb1, 0xfa, 0xbb, 0xee, 0xc5, 0xd4, 0x85, 0x5f, 0xf5, 0x9a, 0x5e, 0xc2, 0x8c, 0x52, 0xb1, + 0x3a, 0x73, 0x74, 0x38, 0x7b, 0x1e, 0xf7, 0xc0, 0xe3, 0x9e, 0x4f, 0xd9, 0x7f, 0x51, 0x49, 0x2f, + 0x71, 0xf9, 0x3e, 0xf5, 0xcf, 0x43, 0x25, 0x52, 0xb1, 0xdf, 0x56, 0x1e, 0xe7, 0xac, 0xb2, 0x8d, + 0x45, 0x80, 0x90, 0xda, 0x7d, 0xd4, 0x51, 0xde, 0x5a, 0x22, 0x75, 0x24, 0xe8, 0x97, 0x17, 0xc3, + 0x22, 0x87, 0xfe, 0x25, 0xa4, 0xea, 0xbd, 0xd5, 0x4e, 0xe0, 0x62, 0x26, 0x03, 0x45, 0x30, 0xba, + 0x4b, 0x1c, 0x3f, 0xd9, 0xcd, 0x67, 0x1b, 0xe8, 0x3a, 0xe3, 0x95, 0x0d, 0x83, 0xe2, 0x50, 0x2c, + 0x24, 0xa1, 0x03, 0x18, 0xdb, 0xe5, 0x1f, 0x41, 0xcc, 0xed, 0x6b, 0x27, 0x6d, 0xdc, 0xd4, 0x97, + 0xd5, 0xe3, 0x57, 0x00, 0xb0, 0x14, 0xc7, 0x8e, 0x48, 0x8c, 0x03, 0x08, 0x3e, 0x7c, 0xf2, 0x8b, + 0x00, 0x1b, 0xf8, 0xf4, 0x01, 0x7d, 0x0a, 0x26, 0x22, 0xe2, 0x86, 0x81, 0xeb, 0xf9, 0xa4, 0xb6, + 0x20, 0xb7, 0x78, 0x86, 0x89, 0xbd, 0x3a, 0x4b, 0xfd, 0x13, 0x6c, 0xf0, 0xc0, 0x29, 0x8e, 0xe8, + 0x73, 0x16, 0x4c, 0xa9, 0x80, 0x51, 0xfa, 0x41, 0x88, 0xd8, 0x24, 0x59, 0xcd, 0x29, 0x3c, 0x95, + 0xf1, 0xac, 0x22, 0xba, 0x42, 0x49, 0xc3, 0x70, 0x46, 0x2e, 0x7a, 0x0b, 0x20, 0xdc, 0x61, 0x87, + 0x20, 0xf4, 0x55, 0xcb, 0x43, 0xbf, 0xea, 0x14, 0x0f, 0x20, 0x94, 0x1c, 0xb0, 0xc1, 0x0d, 0xdd, + 0x04, 0xe0, 0xc3, 0x66, 0xbb, 0xd3, 0x22, 0x6c, 0xd9, 0xa0, 0x83, 0xe7, 0x60, 0x4b, 0x61, 0xee, + 0x1f, 0xce, 0x76, 0x2f, 0x70, 0x59, 0xf0, 0x9c, 0xf1, 0x38, 0xfa, 0x59, 0x18, 0x8b, 0xdb, 0xcd, + 0xa6, 0xa3, 0xf6, 0x53, 0x72, 0x0c, 0x49, 0xe4, 0x7c, 0x75, 0xdf, 0x14, 0x00, 0x2c, 0x25, 0xa2, + 0xbb, 0xd4, 0xb0, 0xc5, 0x62, 0xe5, 
0xcd, 0x46, 0x11, 0x9f, 0x9b, 0xc7, 0xd9, 0x3b, 0x7d, 0x58, + 0x3c, 0x77, 0x1e, 0xf7, 0xa0, 0xb9, 0x7f, 0x38, 0xfb, 0x54, 0x1a, 0xbe, 0x1a, 0x72, 0xb1, 0xb8, + 0x27, 0x4f, 0x3b, 0x48, 0x9f, 0xc2, 0x0a, 0x0d, 0x5e, 0x85, 0x09, 0x72, 0x90, 0x90, 0x28, 0x70, + 0xfc, 0x5b, 0x78, 0x55, 0xae, 0xf6, 0x59, 0x47, 0xbb, 0x6a, 0xc0, 0x71, 0x8a, 0x0a, 0xd9, 0xca, + 0xcb, 0x2f, 0x30, 0x7a, 0xd0, 0x5e, 0xbe, 0xf4, 0xe9, 0xed, 0xff, 0x57, 0x48, 0x79, 0x1f, 0xdb, + 0x11, 0x21, 0x28, 0x84, 0x52, 0x10, 0xd6, 0x94, 0x81, 0xbd, 0x91, 0x8f, 0x81, 0x5d, 0x0f, 0x6b, + 0x46, 0x02, 0x14, 0xfd, 0x17, 0x63, 0x2e, 0x87, 0x65, 0x88, 0xc8, 0x54, 0x1a, 0x86, 0x10, 0x0e, + 0x57, 0x9e, 0x92, 0x55, 0x86, 0xc8, 0x86, 0x29, 0x08, 0xa7, 0xe5, 0xa2, 0x3d, 0x28, 0xed, 0x86, + 0x71, 0x22, 0x0f, 0x97, 0x4e, 0xe8, 0xf1, 0x5d, 0x0f, 0xe3, 0x84, 0x4d, 0x97, 0xea, 0xb5, 0x29, + 0x24, 0xc6, 0x5c, 0x86, 0xfd, 0x27, 0x56, 0x6a, 0x6f, 0xe7, 0x8e, 0x93, 0xb8, 0xbb, 0x57, 0xf7, + 0x49, 0x40, 0xc7, 0x8e, 0x19, 0x72, 0xfa, 0xd7, 0x32, 0x21, 0xa7, 0x1f, 0xe8, 0x97, 0x91, 0x7a, + 0x8f, 0x72, 0x98, 0x63, 0x2c, 0x8c, 0xf0, 0xd3, 0x4f, 0x5b, 0x30, 0x6e, 0xa8, 0x27, 0x26, 0xaf, + 0x1c, 0xe3, 0x96, 0xf5, 0x19, 0x94, 0x06, 0x62, 0x53, 0xa4, 0xfd, 0x55, 0x0b, 0xc6, 0xaa, 0x8e, + 0xbb, 0x17, 0xd6, 0xeb, 0xe8, 0x25, 0x28, 0xd7, 0xda, 0x22, 0x2c, 0x9f, 0xbf, 0x9f, 0xda, 0x4c, + 0x58, 0x12, 0x70, 0xac, 0x28, 0x68, 0x1f, 0xae, 0x3b, 0x2c, 0xe6, 0xa1, 0xc0, 0xdc, 0x08, 0xd6, + 0x87, 0xaf, 0x31, 0x08, 0x16, 0x18, 0xf4, 0x21, 0x18, 0x6f, 0x3a, 0x07, 0xf2, 0xe1, 0xec, 0xc6, + 0xd2, 0x9a, 0x46, 0x61, 0x93, 0xce, 0xfe, 0x37, 0x16, 0xcc, 0x54, 0x9d, 0xd8, 0x73, 0x17, 0xda, + 0xc9, 0x6e, 0xd5, 0x4b, 0x76, 0xda, 0xee, 0x1e, 0x49, 0x78, 0xc8, 0x3a, 0xd5, 0xb2, 0x1d, 0xd3, + 0xa1, 0xa4, 0x96, 0x07, 0x4a, 0xcb, 0x5b, 0x02, 0x8e, 0x15, 0x05, 0x7a, 0x07, 0xc6, 0x5b, 0x4e, + 0x1c, 0xdf, 0x0b, 0xa3, 0x1a, 0x26, 0xf5, 0x7c, 0x12, 0x46, 0xb6, 0x88, 0x1b, 0x91, 0x04, 0x93, + 0xba, 0x38, 0x0b, 0xd0, 0xfc, 0xb1, 0x29, 0xcc, 0xfe, 0xdd, 0x0a, 0x8c, 
0x89, 0x83, 0x8c, 0x81, + 0x03, 0xf1, 0xe5, 0xc2, 0xa7, 0xd0, 0x77, 0xe1, 0x13, 0xc3, 0xa8, 0xcb, 0xd2, 0x96, 0x85, 0xf7, + 0x71, 0x33, 0x97, 0x93, 0x2f, 0x9e, 0x09, 0xad, 0xd5, 0xe2, 0xff, 0xb1, 0x10, 0x85, 0xbe, 0x62, + 0xc1, 0x19, 0x37, 0x0c, 0x02, 0xe2, 0xea, 0xa9, 0x71, 0x24, 0x8f, 0xb3, 0xec, 0xc5, 0x34, 0x53, + 0xbd, 0xab, 0x96, 0x41, 0xe0, 0xac, 0x78, 0xf4, 0x3a, 0x4c, 0xf2, 0x36, 0xbb, 0x9d, 0xda, 0x52, + 0xd0, 0xf9, 0x66, 0x26, 0x12, 0xa7, 0x69, 0xd1, 0x1c, 0xdf, 0x9a, 0x11, 0x99, 0x5d, 0xa3, 0x7a, + 0x8b, 0xd6, 0xc8, 0xe9, 0x32, 0x28, 0x50, 0x04, 0x28, 0x22, 0xf5, 0x88, 0xc4, 0xbb, 0xe2, 0xa0, + 0x87, 0x4d, 0xcb, 0x63, 0x0f, 0x17, 0xfd, 0x8d, 0xbb, 0x38, 0xe1, 0x1e, 0xdc, 0xd1, 0x9e, 0x58, + 0x1b, 0x94, 0xf3, 0xb0, 0x0a, 0xe2, 0x33, 0xf7, 0x5d, 0x22, 0xcc, 0x42, 0x29, 0xde, 0x75, 0xa2, + 0x1a, 0x73, 0x07, 0x8a, 0x3c, 0xc8, 0x69, 0x8b, 0x02, 0x30, 0x87, 0xa3, 0x25, 0x38, 0x9b, 0xc9, + 0x96, 0x8b, 0xd9, 0x84, 0x5f, 0xae, 0xce, 0x08, 0x76, 0x67, 0x33, 0x79, 0x76, 0x31, 0xee, 0x7a, + 0xc2, 0x5c, 0x37, 0x8e, 0x1f, 0xb3, 0x6e, 0xec, 0xa8, 0x70, 0x82, 0x09, 0x66, 0xf1, 0xdf, 0xcc, + 0xa5, 0x01, 0x06, 0x8a, 0x1d, 0xf8, 0x62, 0x26, 0x76, 0x60, 0x92, 0x29, 0x70, 0x3b, 0x1f, 0x05, + 0x86, 0x0f, 0x14, 0x78, 0x9c, 0x07, 0xff, 0x7f, 0x61, 0x81, 0xfc, 0xae, 0x8b, 0x8e, 0xbb, 0x4b, + 0x68, 0x97, 0x41, 0x6f, 0xc0, 0x94, 0x5a, 0x79, 0x2d, 0x86, 0xed, 0x80, 0x9f, 0xf9, 0x17, 0xf5, + 0xf6, 0x3b, 0x4e, 0x61, 0x71, 0x86, 0x1a, 0xcd, 0x43, 0x85, 0xb6, 0x13, 0x7f, 0x94, 0xcf, 0x1e, + 0x6a, 0x75, 0xb7, 0xb0, 0xb9, 0x22, 0x9e, 0xd2, 0x34, 0x28, 0x84, 0x69, 0xdf, 0x89, 0x13, 0xa6, + 0x01, 0x5d, 0x88, 0x3d, 0x64, 0xee, 0x05, 0x4b, 0x16, 0x5e, 0xcd, 0x32, 0xc2, 0xdd, 0xbc, 0xed, + 0xef, 0x8d, 0xc0, 0x64, 0xca, 0x32, 0x0e, 0x39, 0xed, 0xbc, 0x04, 0x65, 0x39, 0x13, 0x08, 0x53, + 0xae, 0xa8, 0xd5, 0x74, 0xa1, 0x28, 0xe8, 0x34, 0xb9, 0x43, 0x9c, 0x88, 0x44, 0x2c, 0x0f, 0x31, + 0x3b, 0x4d, 0x56, 0x35, 0x0a, 0x9b, 0x74, 0xcc, 0x28, 0x27, 0x7e, 0xbc, 0xe8, 0x7b, 0x24, 0x48, + 0xb8, 0x9a, 
0xf9, 0x18, 0xe5, 0xed, 0xd5, 0x2d, 0x93, 0xa9, 0x36, 0xca, 0x19, 0x04, 0xce, 0x8a, + 0x47, 0xbf, 0x6c, 0xc1, 0xa4, 0x73, 0x2f, 0xd6, 0xb5, 0x35, 0x44, 0x94, 0xc0, 0x09, 0x27, 0xa9, + 0x54, 0xb9, 0x8e, 0xea, 0x34, 0x35, 0xef, 0x29, 0x10, 0x4e, 0x0b, 0x45, 0x5f, 0xb7, 0x00, 0x91, + 0x03, 0xe2, 0xca, 0x38, 0x06, 0xa1, 0xcb, 0x68, 0x1e, 0x0b, 0x94, 0xab, 0x5d, 0x7c, 0xb9, 0x55, + 0xef, 0x86, 0xe3, 0x1e, 0x3a, 0xd8, 0xff, 0xb2, 0xa8, 0x06, 0x94, 0x0e, 0x9d, 0x71, 0x8c, 0x08, + 0x52, 0xeb, 0xe1, 0x23, 0x48, 0xf5, 0xd9, 0x4f, 0x57, 0x14, 0x69, 0x3a, 0xdc, 0xb2, 0xf0, 0x98, + 0xc2, 0x2d, 0x3f, 0x6b, 0xa9, 0x23, 0x43, 0xee, 0xc6, 0xbf, 0x95, 0x6f, 0xd8, 0xce, 0x1c, 0x3f, + 0x79, 0xcc, 0x58, 0xf7, 0xf4, 0x71, 0x24, 0xb5, 0xa6, 0x06, 0xd9, 0x50, 0xd6, 0xf0, 0x3f, 0x17, + 0x61, 0xdc, 0x98, 0x49, 0x7b, 0xba, 0x45, 0xd6, 0x13, 0xe6, 0x16, 0x15, 0x86, 0x70, 0x8b, 0x7e, + 0x11, 0x2a, 0xae, 0xb4, 0xf2, 0xf9, 0x14, 0x72, 0xc9, 0xce, 0x1d, 0xda, 0xd0, 0x2b, 0x10, 0xd6, + 0x32, 0xd1, 0x32, 0x4c, 0x1b, 0x6c, 0xc4, 0x0c, 0x31, 0xc2, 0x66, 0x08, 0xb5, 0xb1, 0xba, 0x90, + 0x25, 0xc0, 0xdd, 0xcf, 0xa0, 0x57, 0xe8, 0xca, 0xca, 0x13, 0xef, 0x25, 0x83, 0xeb, 0x98, 0xbb, + 0xbe, 0xb0, 0xb9, 0x22, 0xc1, 0xd8, 0xa4, 0xb1, 0xbf, 0x67, 0xa9, 0x8f, 0xfb, 0x08, 0x72, 0x52, + 0xee, 0xa6, 0x73, 0x52, 0xae, 0xe6, 0xd2, 0xcc, 0x7d, 0x92, 0x51, 0xd6, 0x61, 0x6c, 0x31, 0x6c, + 0x36, 0x9d, 0xa0, 0x86, 0x7e, 0x04, 0xc6, 0x5c, 0xfe, 0x53, 0x6c, 0x55, 0x8c, 0x53, 0xe7, 0x4b, + 0x60, 0xb1, 0xc4, 0xa1, 0xe7, 0x60, 0xc4, 0x89, 0x1a, 0x72, 0x7b, 0x82, 0x9d, 0x95, 0x2e, 0x44, + 0x8d, 0x18, 0x33, 0xa8, 0xfd, 0xb5, 0x02, 0xc0, 0x62, 0xd8, 0x6c, 0x39, 0x11, 0xa9, 0x6d, 0x87, + 0xef, 0x9d, 0x89, 0xf0, 0x55, 0xeb, 0x17, 0x2c, 0x40, 0xb4, 0x55, 0xc2, 0x80, 0x04, 0x89, 0x0a, + 0x36, 0xa0, 0xce, 0x8e, 0x2b, 0xa1, 0xc2, 0x73, 0xd0, 0x63, 0x40, 0x22, 0xb0, 0xa6, 0x19, 0x60, + 0x09, 0xf8, 0x82, 0x34, 0x50, 0xc5, 0x74, 0x0c, 0x0f, 0x33, 0x6b, 0xc2, 0x5e, 0xd9, 0xbf, 0x57, + 0x80, 0xa7, 0xf8, 0x9c, 0xb3, 0xe6, 0x04, 0x4e, 
0x83, 0x34, 0xa9, 0x56, 0x83, 0x9e, 0xae, 0xb9, + 0x74, 0xed, 0xe1, 0xc9, 0x90, 0x9d, 0x93, 0x76, 0x4e, 0xde, 0xa9, 0x78, 0x37, 0x5a, 0x09, 0xbc, + 0x04, 0x33, 0xe6, 0x28, 0x86, 0xb2, 0x2c, 0xcd, 0x25, 0x8c, 0x4d, 0x4e, 0x82, 0xd4, 0xb8, 0x13, + 0x13, 0x03, 0xc1, 0x4a, 0x10, 0xf5, 0xcc, 0xfc, 0xd0, 0xdd, 0xc3, 0xa4, 0x15, 0x32, 0xc3, 0x62, + 0x44, 0x4c, 0xac, 0x0a, 0x38, 0x56, 0x14, 0xf6, 0xef, 0x59, 0x90, 0x35, 0xb9, 0x6c, 0x29, 0xcf, + 0xb3, 0x72, 0xb3, 0x4b, 0xf9, 0x74, 0xd2, 0xed, 0x10, 0xc9, 0xc5, 0x3f, 0x03, 0xe3, 0x4e, 0x42, + 0x67, 0x49, 0xbe, 0xae, 0x2c, 0x3e, 0xdc, 0x76, 0xef, 0x5a, 0x58, 0xf3, 0xea, 0x1e, 0x5b, 0x4f, + 0x9a, 0xec, 0xec, 0x3f, 0x1f, 0x81, 0xe9, 0xae, 0x38, 0x4b, 0xf4, 0x1a, 0x4c, 0xb8, 0xa2, 0x7b, + 0xb4, 0x30, 0xa9, 0x8b, 0x97, 0x31, 0x8e, 0xf1, 0x35, 0x0e, 0xa7, 0x28, 0x07, 0xe8, 0xa0, 0x2b, + 0x70, 0x2e, 0xa2, 0x2b, 0xd9, 0x36, 0x59, 0xa8, 0x27, 0x24, 0xda, 0x22, 0x6e, 0x18, 0xd4, 0x78, + 0xf6, 0x78, 0xb1, 0xfa, 0xf4, 0xd1, 0xe1, 0xec, 0x39, 0xdc, 0x8d, 0xc6, 0xbd, 0x9e, 0x41, 0x2d, + 0x98, 0xf4, 0x4d, 0x27, 0x47, 0x78, 0xb8, 0x0f, 0xe5, 0x1f, 0xa9, 0x49, 0x30, 0x05, 0xc6, 0x69, + 0x01, 0x69, 0x4f, 0xa9, 0xf4, 0x98, 0x3c, 0xa5, 0x5f, 0xd2, 0x9e, 0x12, 0x3f, 0x1b, 0xfc, 0x58, + 0xce, 0x71, 0xb6, 0xa7, 0xed, 0x2a, 0xbd, 0x09, 0x65, 0x79, 0xac, 0x3e, 0x80, 0xbd, 0x79, 0x21, + 0xc5, 0xa7, 0x8f, 0x45, 0xbb, 0x5f, 0x80, 0x1e, 0x5e, 0x36, 0x1d, 0x67, 0x7a, 0x4a, 0x4b, 0x8d, + 0xb3, 0xe1, 0xa6, 0x35, 0x74, 0xc0, 0x43, 0x0a, 0xb8, 0x67, 0xfa, 0xd1, 0xbc, 0x57, 0x09, 0x3a, + 0xca, 0x60, 0x5c, 0xe8, 0xa7, 0x22, 0x0d, 0xd0, 0x15, 0x00, 0xed, 0x89, 0x88, 0x68, 0x3a, 0x75, + 0x1c, 0xa6, 0x1d, 0x16, 0x6c, 0x50, 0xd1, 0x45, 0xa3, 0x17, 0xc4, 0x89, 0xe3, 0xfb, 0xd7, 0xbd, + 0x20, 0x11, 0xbb, 0x5f, 0x6a, 0x96, 0x5a, 0xd1, 0x28, 0x6c, 0xd2, 0x5d, 0xfc, 0xb0, 0xf1, 0x5d, + 0x86, 0xf9, 0x9e, 0xbb, 0xf0, 0xcc, 0xb2, 0x97, 0xa8, 0x18, 0x50, 0xd5, 0x8f, 0xa8, 0xa3, 0xa1, + 0x82, 0x96, 0xad, 0xbe, 0x41, 0xcb, 0x46, 0x0c, 0x66, 0x21, 0x1d, 0x32, 0x9a, 0x8d, 
0xc1, 0xb4, + 0x5f, 0x83, 0xf3, 0xcb, 0x5e, 0x72, 0xcd, 0xf3, 0xc9, 0x90, 0x42, 0xec, 0xdf, 0x1d, 0x81, 0x09, + 0x33, 0xa8, 0x7e, 0x98, 0xb8, 0xeb, 0x2f, 0x51, 0x5f, 0x42, 0xbc, 0x9d, 0xa7, 0xce, 0x39, 0xee, + 0x9c, 0x38, 0xc2, 0xbf, 0x77, 0x8b, 0x19, 0xee, 0x84, 0x96, 0x89, 0x4d, 0x05, 0xd0, 0x3d, 0x28, + 0xd5, 0x59, 0x8c, 0x60, 0x31, 0x8f, 0x13, 0xd7, 0x5e, 0x2d, 0xaa, 0x87, 0x19, 0x8f, 0x32, 0xe4, + 0xf2, 0xe8, 0x0c, 0x19, 0xa5, 0x23, 0xcb, 0x95, 0xa1, 0x52, 0x31, 0xe5, 0x8a, 0xa2, 0x9f, 0xa9, + 0x2f, 0x3d, 0x84, 0xa9, 0x4f, 0x19, 0xde, 0xd1, 0xc7, 0x63, 0x78, 0xed, 0x2f, 0x14, 0x60, 0x6a, + 0x39, 0x68, 0x6f, 0x2e, 0x6f, 0xb6, 0x77, 0x7c, 0xcf, 0xbd, 0x49, 0x3a, 0xd4, 0x38, 0xed, 0x91, + 0xce, 0xca, 0x92, 0xe8, 0x43, 0xaa, 0xd5, 0x6e, 0x52, 0x20, 0xe6, 0x38, 0x3a, 0x1c, 0xeb, 0x5e, + 0xd0, 0x20, 0x51, 0x2b, 0xf2, 0xc4, 0xae, 0x96, 0x31, 0x1c, 0xaf, 0x69, 0x14, 0x36, 0xe9, 0x28, + 0xef, 0xf0, 0x5e, 0x40, 0xa2, 0xac, 0x2b, 0xb7, 0x41, 0x81, 0x98, 0xe3, 0x28, 0x51, 0x12, 0xb5, + 0xe3, 0x44, 0x7c, 0x0e, 0x45, 0xb4, 0x4d, 0x81, 0x98, 0xe3, 0x68, 0x5f, 0x8f, 0xdb, 0x3b, 0xec, + 0x48, 0x37, 0x13, 0x5c, 0xb7, 0xc5, 0xc1, 0x58, 0xe2, 0x29, 0xe9, 0x1e, 0xe9, 0x2c, 0xd1, 0x85, + 0x4d, 0x26, 0xfc, 0xf5, 0x26, 0x07, 0x63, 0x89, 0x67, 0xf9, 0xfa, 0xe9, 0xe6, 0xf8, 0x81, 0xcb, + 0xd7, 0x4f, 0xab, 0xdf, 0x67, 0x89, 0xf4, 0x4d, 0x0b, 0x26, 0xcc, 0x40, 0x0c, 0xd4, 0xc8, 0x78, + 0x79, 0x1b, 0x5d, 0xb5, 0x57, 0x7e, 0xb2, 0x57, 0x39, 0xe0, 0x86, 0x97, 0x84, 0xad, 0xf8, 0x65, + 0x12, 0x34, 0xbc, 0x80, 0xb0, 0xa3, 0x3f, 0x1e, 0xc0, 0x91, 0x8a, 0xf2, 0x58, 0x0c, 0x6b, 0xe4, + 0x21, 0xdc, 0x44, 0xfb, 0x0e, 0x4c, 0x77, 0xc5, 0x3c, 0x0f, 0x30, 0xb9, 0x1e, 0x9b, 0x52, 0x62, + 0x63, 0x18, 0xa7, 0x8c, 0x37, 0x5a, 0x3c, 0xd2, 0x62, 0x11, 0xa6, 0xb9, 0x03, 0x40, 0x25, 0x6d, + 0xb9, 0xbb, 0xa4, 0xa9, 0xe2, 0xd8, 0xd9, 0x16, 0xea, 0xed, 0x2c, 0x12, 0x77, 0xd3, 0xdb, 0x5f, + 0xb4, 0x60, 0x32, 0x15, 0x86, 0x9e, 0x93, 0x1b, 0xc0, 0x46, 0x5a, 0xc8, 0xe2, 0x82, 0x22, 0x2f, + 0xe0, 0xa7, 0x60, 0x65, 
0x63, 0xa4, 0x69, 0x14, 0x36, 0xe9, 0xec, 0xaf, 0x16, 0xa0, 0x2c, 0x8f, + 0x7d, 0x07, 0x50, 0xe5, 0xf3, 0x16, 0x4c, 0xaa, 0x6d, 0x6b, 0xb6, 0x1f, 0xc2, 0x3b, 0xe3, 0xfa, + 0xc9, 0x0f, 0x9e, 0x55, 0xf0, 0x58, 0x50, 0x0f, 0xb5, 0x4f, 0x8a, 0x4d, 0x61, 0x38, 0x2d, 0x1b, + 0xdd, 0x06, 0x88, 0x3b, 0x71, 0x42, 0x9a, 0xc6, 0xce, 0x8c, 0x6d, 0x8c, 0xb8, 0x39, 0x37, 0x8c, + 0x08, 0x1d, 0x5f, 0xeb, 0x61, 0x8d, 0x6c, 0x29, 0x4a, 0xed, 0x44, 0x68, 0x18, 0x36, 0x38, 0xd9, + 0xff, 0xa4, 0x00, 0x67, 0xb3, 0x2a, 0xa1, 0x8f, 0xc1, 0x84, 0x94, 0x6e, 0xd4, 0x43, 0x96, 0x67, + 0xdd, 0x13, 0xd8, 0xc0, 0xdd, 0x3f, 0x9c, 0x9d, 0xed, 0x2e, 0x2d, 0x3d, 0x67, 0x92, 0xe0, 0x14, + 0x33, 0x7e, 0x76, 0x20, 0x0e, 0xb9, 0xaa, 0x9d, 0x85, 0x56, 0x4b, 0x1c, 0x00, 0x18, 0x67, 0x07, + 0x26, 0x16, 0x67, 0xa8, 0xd1, 0x26, 0x9c, 0x37, 0x20, 0xeb, 0xc4, 0x6b, 0xec, 0xee, 0x84, 0x91, + 0x5c, 0x5b, 0x3c, 0xa7, 0x43, 0x3e, 0xba, 0x69, 0x70, 0xcf, 0x27, 0xe9, 0x7c, 0xe7, 0x3a, 0x2d, + 0xc7, 0xf5, 0x92, 0x8e, 0xd8, 0x6a, 0x52, 0xb6, 0x69, 0x51, 0xc0, 0xb1, 0xa2, 0xb0, 0xd7, 0x60, + 0x64, 0xc0, 0x1e, 0x34, 0x90, 0x4f, 0xfb, 0x26, 0x94, 0x29, 0x3b, 0xe9, 0xe0, 0xe4, 0xc1, 0x32, + 0x84, 0xb2, 0x2c, 0x69, 0x88, 0x6c, 0x28, 0x7a, 0x8e, 0x3c, 0x9e, 0x51, 0xaf, 0xb5, 0x12, 0xc7, + 0x6d, 0xb6, 0x4c, 0xa4, 0x48, 0xf4, 0x02, 0x14, 0xc9, 0x41, 0x2b, 0x7b, 0x0e, 0x73, 0xf5, 0xa0, + 0xe5, 0x45, 0x24, 0xa6, 0x44, 0xe4, 0xa0, 0x85, 0x2e, 0x42, 0xc1, 0xab, 0x89, 0x49, 0x0a, 0x04, + 0x4d, 0x61, 0x65, 0x09, 0x17, 0xbc, 0x9a, 0x7d, 0x00, 0x15, 0x55, 0x43, 0x11, 0xed, 0x49, 0xdb, + 0x6d, 0xe5, 0x11, 0xa7, 0x21, 0xf9, 0xf6, 0xb1, 0xda, 0x6d, 0x00, 0x1d, 0xf4, 0x9f, 0x97, 0x7d, + 0xb9, 0x0c, 0x23, 0x6e, 0x28, 0x72, 0x85, 0xca, 0x9a, 0x0d, 0x33, 0xda, 0x0c, 0x63, 0xdf, 0x81, + 0xa9, 0x9b, 0x41, 0x78, 0x8f, 0x55, 0x12, 0xbb, 0xe6, 0x11, 0xbf, 0x46, 0x19, 0xd7, 0xe9, 0x8f, + 0xac, 0x8b, 0xc0, 0xb0, 0x98, 0xe3, 0x54, 0xa1, 0xc1, 0x42, 0xbf, 0x42, 0x83, 0xf6, 0xa7, 0x2d, + 0x38, 0xab, 0xa2, 0xd1, 0xa5, 0x35, 0x7e, 0x0d, 0x26, 0x76, 
0xda, 0x9e, 0x5f, 0x13, 0xff, 0xb3, + 0x0b, 0xf5, 0xaa, 0x81, 0xc3, 0x29, 0x4a, 0xba, 0xac, 0xd8, 0xf1, 0x02, 0x27, 0xea, 0x6c, 0x6a, + 0xf3, 0xaf, 0x2c, 0x42, 0x55, 0x61, 0xb0, 0x41, 0x65, 0x7f, 0xb6, 0x00, 0x93, 0xa9, 0xe4, 0x5b, + 0xe4, 0x43, 0x99, 0xf8, 0x6c, 0xfb, 0x48, 0x7e, 0xd4, 0x93, 0x96, 0xd0, 0x50, 0x1d, 0xf1, 0xaa, + 0xe0, 0x8b, 0x95, 0x84, 0x27, 0xe2, 0x9c, 0xc2, 0xfe, 0x76, 0x11, 0x66, 0xf8, 0xae, 0x59, 0x4d, + 0x05, 0x04, 0xac, 0x49, 0xef, 0xe4, 0x6f, 0xe9, 0x44, 0x77, 0xde, 0x1c, 0x3b, 0x27, 0x2d, 0x02, + 0xd5, 0x5b, 0xd0, 0x40, 0x47, 0xd5, 0xbf, 0x9e, 0x39, 0xaa, 0xe6, 0x93, 0x54, 0xe3, 0x94, 0x34, + 0xfa, 0xc1, 0x3a, 0xbb, 0xfe, 0x87, 0x05, 0x38, 0x93, 0xa9, 0xb0, 0x85, 0xbe, 0x9c, 0xae, 0x80, + 0x62, 0xe5, 0xb1, 0xb7, 0xf2, 0xc0, 0x3a, 0x4f, 0xc3, 0xd5, 0x41, 0x79, 0x5c, 0x1d, 0xfe, 0xf7, + 0x0b, 0x30, 0x95, 0x2e, 0x0d, 0xf6, 0x04, 0xb6, 0xd4, 0x07, 0xa1, 0xc2, 0x0a, 0xee, 0xb0, 0x4a, + 0xd5, 0x7c, 0x0b, 0x87, 0xa5, 0xd8, 0xae, 0x49, 0x20, 0xd6, 0xf8, 0x27, 0xa2, 0xbc, 0x8c, 0xfd, + 0x8f, 0x2c, 0xb8, 0xc0, 0xdf, 0x32, 0xdb, 0x0f, 0xff, 0x76, 0xaf, 0xd6, 0xfd, 0x78, 0xbe, 0x0a, + 0x66, 0x0a, 0x34, 0x1c, 0xd7, 0xbe, 0xac, 0x42, 0xae, 0xd0, 0x36, 0xdd, 0x15, 0x9e, 0x40, 0x65, + 0x87, 0xea, 0x0c, 0xf6, 0xef, 0x17, 0x41, 0x17, 0x05, 0x46, 0x9e, 0xc8, 0x15, 0xc8, 0xa5, 0x50, + 0xc5, 0x56, 0x27, 0x70, 0x75, 0xf9, 0xe1, 0x72, 0x26, 0x55, 0xe0, 0x57, 0x2d, 0x18, 0xf7, 0x02, + 0x2f, 0xf1, 0x1c, 0xe6, 0x74, 0xe6, 0x53, 0xb5, 0x55, 0x89, 0x5b, 0xe1, 0x9c, 0xc3, 0xc8, 0xdc, + 0xf7, 0x53, 0xc2, 0xb0, 0x29, 0x19, 0x7d, 0x4a, 0x44, 0x93, 0x15, 0x73, 0xcb, 0x34, 0x29, 0x67, + 0x42, 0xc8, 0x5a, 0x50, 0x8a, 0x48, 0x12, 0xc9, 0x1c, 0x9f, 0x9b, 0x27, 0x0d, 0x11, 0x4e, 0xa2, + 0xce, 0x56, 0x12, 0x39, 0x09, 0x69, 0x18, 0x8b, 0x76, 0x06, 0xc6, 0x5c, 0x90, 0x1d, 0x03, 0xea, + 0x6e, 0x8b, 0x21, 0x23, 0x75, 0xe6, 0xa1, 0xe2, 0xb4, 0x93, 0xb0, 0x49, 0x9b, 0x49, 0x6c, 0x4d, + 0xea, 0x58, 0x24, 0x89, 0xc0, 0x9a, 0xc6, 0xfe, 0x72, 0x09, 0x32, 0xc1, 0xfb, 0xe8, 0xc0, 0x2c, + 
0x68, 0x6d, 0xe5, 0x5b, 0xd0, 0x5a, 0x29, 0xd3, 0xab, 0xa8, 0x35, 0x6a, 0x40, 0xa9, 0xb5, 0xeb, + 0xc4, 0xd2, 0xa7, 0x7c, 0x53, 0x36, 0xd3, 0x26, 0x05, 0xde, 0x3f, 0x9c, 0xfd, 0xa9, 0xc1, 0xf6, + 0x28, 0x68, 0x5f, 0x9d, 0xe7, 0x99, 0x8c, 0x5a, 0x34, 0xe3, 0x81, 0x39, 0x7f, 0x73, 0x97, 0xa2, + 0x78, 0xcc, 0x61, 0xd6, 0x67, 0x44, 0x4d, 0x2d, 0x4c, 0xe2, 0xb6, 0x9f, 0x88, 0xde, 0xf0, 0x66, + 0x8e, 0xa3, 0x8c, 0x33, 0xd6, 0xa9, 0x5f, 0xfc, 0x3f, 0x36, 0x84, 0xa2, 0x8f, 0x41, 0x25, 0x4e, + 0x9c, 0x28, 0x79, 0xc8, 0x44, 0x11, 0xd5, 0xe8, 0x5b, 0x92, 0x09, 0xd6, 0xfc, 0xd0, 0x5b, 0xac, + 0x6e, 0x8f, 0x17, 0xef, 0x3e, 0x64, 0x10, 0xa8, 0xac, 0xf1, 0x23, 0x38, 0x60, 0x83, 0x1b, 0x75, + 0xd9, 0x59, 0xdf, 0xe6, 0x91, 0x0f, 0x65, 0xb6, 0x26, 0x53, 0xa6, 0x10, 0x2b, 0x0c, 0x36, 0xa8, + 0xec, 0x5f, 0x80, 0x73, 0xd9, 0x1b, 0x30, 0xc4, 0xb6, 0x65, 0x23, 0x0a, 0xdb, 0xad, 0xec, 0x9a, + 0x84, 0xdd, 0x90, 0x80, 0x39, 0x8e, 0xae, 0x49, 0xf6, 0xbc, 0xa0, 0x96, 0x5d, 0x93, 0xdc, 0xf4, + 0x82, 0x1a, 0x66, 0x98, 0x01, 0x2a, 0x7d, 0xff, 0x2b, 0x0b, 0x2e, 0x1f, 0x77, 0x51, 0x07, 0x7a, + 0x0e, 0x46, 0xee, 0x39, 0x91, 0xac, 0x03, 0xc6, 0x6c, 0xc7, 0x1d, 0x27, 0x0a, 0x30, 0x83, 0xa2, + 0x0e, 0x8c, 0xf2, 0xe4, 0x38, 0xe1, 0xc0, 0xbe, 0x99, 0xef, 0xb5, 0x21, 0x37, 0x89, 0xe1, 0x41, + 0xf3, 0xc4, 0x3c, 0x2c, 0x04, 0xda, 0xef, 0x5a, 0x80, 0x36, 0xf6, 0x49, 0x14, 0x79, 0x35, 0x23, + 0x9d, 0x0f, 0xbd, 0x0a, 0x13, 0x77, 0xb7, 0x36, 0xd6, 0x37, 0x43, 0x2f, 0x60, 0x15, 0x0b, 0x8c, + 0xc4, 0x8e, 0x1b, 0x06, 0x1c, 0xa7, 0xa8, 0xd0, 0x22, 0x4c, 0xdf, 0x7d, 0x9b, 0xae, 0xa3, 0xae, + 0x1e, 0xb4, 0x22, 0x12, 0xc7, 0xca, 0x27, 0x17, 0x3b, 0x67, 0x37, 0xde, 0xcc, 0x20, 0x71, 0x37, + 0x3d, 0xda, 0x80, 0x0b, 0x4d, 0xee, 0x81, 0xb3, 0xe5, 0x63, 0xcc, 0xdd, 0xf1, 0x48, 0xa6, 0x84, + 0x3f, 0x73, 0x74, 0x38, 0x7b, 0x61, 0xad, 0x17, 0x01, 0xee, 0xfd, 0x9c, 0xfd, 0xad, 0x02, 0x8c, + 0x1b, 0x97, 0xdd, 0x0c, 0xb0, 0x50, 0xce, 0xdc, 0xcf, 0x53, 0x18, 0xf0, 0x7e, 0x9e, 0x17, 0xa1, + 0xdc, 0x0a, 0x7d, 0xcf, 0xf5, 0x54, 
0xfe, 0x3a, 0xab, 0xa3, 0xb4, 0x29, 0x60, 0x58, 0x61, 0xd1, + 0x3d, 0xa8, 0xa8, 0x0b, 0x20, 0x44, 0x46, 0x5b, 0x5e, 0x5b, 0x05, 0x6a, 0xf0, 0xea, 0x8b, 0x1d, + 0xb4, 0x2c, 0x64, 0xc3, 0x28, 0xeb, 0xf9, 0x32, 0x26, 0x88, 0xa5, 0x2d, 0xb0, 0x21, 0x11, 0x63, + 0x81, 0xb1, 0x7f, 0x65, 0x0c, 0xce, 0xf7, 0xaa, 0xfd, 0x83, 0x7e, 0x0e, 0x46, 0xb9, 0x8e, 0xf9, + 0x94, 0x97, 0xeb, 0x25, 0x63, 0x99, 0x31, 0x14, 0x6a, 0xb1, 0xdf, 0x58, 0xc8, 0x14, 0xd2, 0x7d, + 0x67, 0x47, 0xb8, 0x11, 0xa7, 0x23, 0x7d, 0xd5, 0xd1, 0xd2, 0x57, 0x1d, 0x2e, 0xdd, 0x77, 0x76, + 0xd0, 0x01, 0x94, 0x1a, 0x5e, 0x42, 0x1c, 0xe1, 0x4c, 0xdf, 0x39, 0x15, 0xe1, 0xc4, 0xe1, 0xa1, + 0xe7, 0xec, 0x27, 0xe6, 0x02, 0xd1, 0x37, 0x2c, 0x38, 0xb3, 0x93, 0xce, 0x02, 0x11, 0xb3, 0x8a, + 0x73, 0x0a, 0xf5, 0x9d, 0xd2, 0x82, 0xaa, 0xe7, 0x8e, 0x0e, 0x67, 0xcf, 0x64, 0x80, 0x38, 0xab, + 0x0e, 0xfa, 0x25, 0x0b, 0xc6, 0xea, 0x9e, 0x6f, 0xd4, 0x36, 0x39, 0x85, 0x8f, 0x73, 0x8d, 0x09, + 0xd0, 0x33, 0x2f, 0xff, 0x1f, 0x63, 0x29, 0xb9, 0xdf, 0x59, 0xdc, 0xe8, 0x49, 0xcf, 0xe2, 0xc6, + 0x1e, 0xd3, 0xf2, 0xe9, 0xef, 0x16, 0xe0, 0x85, 0x01, 0xbe, 0x91, 0x99, 0x55, 0x60, 0x1d, 0x93, + 0x55, 0x70, 0x19, 0x46, 0x22, 0xd2, 0x0a, 0xb3, 0xf3, 0x1d, 0x0b, 0xfb, 0x61, 0x18, 0xf4, 0x3c, + 0x14, 0x9d, 0x96, 0x27, 0xa6, 0x3b, 0x75, 0x54, 0xbf, 0xb0, 0xb9, 0x82, 0x29, 0x9c, 0x7e, 0xe9, + 0xca, 0x8e, 0xcc, 0x4d, 0xca, 0xa7, 0x60, 0x68, 0xbf, 0x54, 0x27, 0xbe, 0xa0, 0x51, 0x58, 0xac, + 0xe5, 0xda, 0x1b, 0x70, 0xb1, 0x7f, 0x0f, 0x41, 0xaf, 0xc0, 0xf8, 0x4e, 0xe4, 0x04, 0xee, 0xee, + 0x9a, 0x93, 0xb8, 0xf2, 0xc0, 0x9c, 0x05, 0x3f, 0x56, 0x35, 0x18, 0x9b, 0x34, 0xf6, 0xb7, 0x0b, + 0xbd, 0x39, 0x72, 0x23, 0x30, 0x4c, 0x0b, 0x8b, 0xf6, 0x2b, 0xf4, 0x69, 0xbf, 0xb7, 0xa1, 0x9c, + 0xb0, 0x50, 0x76, 0x52, 0x17, 0x96, 0x24, 0xb7, 0x6c, 0x2c, 0x36, 0xd7, 0x6c, 0x0b, 0xe6, 0x58, + 0x89, 0xa1, 0x26, 0xdf, 0xd7, 0x65, 0x51, 0x84, 0xc9, 0xcf, 0xec, 0xa3, 0x2d, 0xc1, 0x59, 0xa3, + 0x8c, 0x1b, 0x8f, 0xe4, 0xe5, 0xc7, 0xa8, 0x2a, 0xbd, 0x65, 0x33, 0x83, 
0xc7, 0x5d, 0x4f, 0xd8, + 0xdf, 0x2c, 0xc0, 0x33, 0x7d, 0x2d, 0x9b, 0x3e, 0xeb, 0xb5, 0x1e, 0x70, 0xd6, 0x7b, 0xe2, 0x0e, + 0x6a, 0x36, 0xf0, 0xc8, 0xa3, 0x69, 0xe0, 0x97, 0xa0, 0xec, 0x05, 0x31, 0x71, 0xdb, 0x11, 0x6f, + 0x34, 0x23, 0xa6, 0x6e, 0x45, 0xc0, 0xb1, 0xa2, 0xb0, 0xff, 0xa0, 0x7f, 0x57, 0xa3, 0xb3, 0xdc, + 0x0f, 0x6d, 0x2b, 0xbd, 0x0e, 0x93, 0x4e, 0xab, 0xc5, 0xe9, 0xd8, 0xb9, 0x5a, 0x26, 0x61, 0x6d, + 0xc1, 0x44, 0xe2, 0x34, 0xad, 0xd1, 0x87, 0x47, 0xfb, 0xf5, 0x61, 0xfb, 0x4f, 0x4b, 0x50, 0xa1, + 0x2d, 0xb0, 0x18, 0x91, 0x5a, 0x4c, 0x1b, 0xa0, 0x1d, 0xf9, 0xa2, 0x15, 0x55, 0x03, 0xdc, 0xc2, + 0xab, 0x98, 0xc2, 0x53, 0xab, 0xe4, 0xc2, 0x50, 0xf9, 0x2c, 0xc5, 0x63, 0xf3, 0x59, 0x5e, 0x87, + 0xc9, 0x38, 0xde, 0xdd, 0x8c, 0xbc, 0x7d, 0x27, 0xa1, 0xbe, 0xb7, 0x88, 0x5b, 0xd0, 0x31, 0xe8, + 0x5b, 0xd7, 0x35, 0x12, 0xa7, 0x69, 0xd1, 0x32, 0x4c, 0xeb, 0xac, 0x12, 0x12, 0x25, 0x2c, 0x4c, + 0x81, 0x37, 0x95, 0x0a, 0x01, 0xd7, 0x79, 0x28, 0x82, 0x00, 0x77, 0x3f, 0x43, 0x87, 0x74, 0x0a, + 0x48, 0x15, 0x19, 0x4d, 0x0f, 0xe9, 0x14, 0x1f, 0xaa, 0x4b, 0xd7, 0x13, 0x68, 0x0d, 0xce, 0xf1, + 0x7e, 0xc1, 0xee, 0x3b, 0x53, 0x6f, 0x34, 0xc6, 0x18, 0x3d, 0x2b, 0x18, 0x9d, 0x5b, 0xee, 0x26, + 0xc1, 0xbd, 0x9e, 0xa3, 0x8e, 0xb5, 0x02, 0xaf, 0x2c, 0x89, 0x05, 0x9e, 0x72, 0xac, 0x15, 0x9b, + 0x95, 0x1a, 0x36, 0xe9, 0xd0, 0x47, 0xe1, 0x69, 0xfd, 0x97, 0x47, 0x73, 0xf1, 0x5d, 0x8f, 0x25, + 0x91, 0xb0, 0xa7, 0x4a, 0x88, 0x2d, 0xf7, 0x24, 0xab, 0xe1, 0x7e, 0xcf, 0xa3, 0x1d, 0xb8, 0xa8, + 0x50, 0x57, 0xe9, 0x2a, 0xa6, 0x15, 0x79, 0x31, 0xa9, 0x3a, 0x31, 0xb9, 0x15, 0xf9, 0x2c, 0xc5, + 0xaf, 0xa2, 0x8b, 0x1d, 0x2f, 0x7b, 0xc9, 0xf5, 0x5e, 0x94, 0x78, 0x15, 0x3f, 0x80, 0x0b, 0x9a, + 0x87, 0x0a, 0x09, 0x9c, 0x1d, 0x9f, 0x6c, 0x2c, 0xae, 0xb0, 0xc4, 0x3f, 0x63, 0x93, 0xe5, 0xaa, + 0x44, 0x60, 0x4d, 0xa3, 0x8e, 0xca, 0x26, 0xfa, 0x1e, 0x95, 0xfd, 0x91, 0x05, 0x93, 0xaa, 0xb3, + 0x3f, 0x82, 0x98, 0x14, 0x3f, 0x1d, 0x93, 0xb2, 0x7c, 0xd2, 0xdd, 0x2d, 0xa1, 0x79, 0x9f, 0x83, + 0xcd, 0x3f, 
0xa9, 0x00, 0xb0, 0xab, 0x5b, 0x3d, 0x56, 0x83, 0x43, 0x9a, 0x3b, 0xab, 0xaf, 0xb9, + 0x7b, 0x62, 0x87, 0x73, 0xaf, 0x14, 0x99, 0xd2, 0xe3, 0x4d, 0x91, 0xd9, 0x82, 0x0b, 0x72, 0x32, + 0xe2, 0x0b, 0xfe, 0xeb, 0x61, 0xac, 0xac, 0x43, 0xb9, 0xfa, 0xbc, 0x60, 0x74, 0x61, 0xa5, 0x17, + 0x11, 0xee, 0xfd, 0x6c, 0x6a, 0x0e, 0x1c, 0x3b, 0x6e, 0x0e, 0xd4, 0x03, 0x62, 0xb5, 0x2e, 0xab, + 0x79, 0x65, 0x06, 0xc4, 0xea, 0xb5, 0x2d, 0xac, 0x69, 0x7a, 0x5b, 0xc5, 0x4a, 0x4e, 0x56, 0x11, + 0x86, 0xb6, 0x8a, 0x72, 0x7c, 0x8e, 0xf7, 0xbd, 0x33, 0x4f, 0xee, 0x31, 0x4c, 0xf4, 0xdd, 0x63, + 0x78, 0x03, 0xa6, 0xbc, 0x60, 0x97, 0x44, 0x5e, 0x42, 0x6a, 0x6c, 0x2c, 0x88, 0x0b, 0x31, 0x55, + 0x24, 0xc8, 0x4a, 0x0a, 0x8b, 0x33, 0xd4, 0x69, 0xa3, 0x32, 0x35, 0x80, 0x51, 0xe9, 0x63, 0xca, + 0xcf, 0xe4, 0x63, 0xca, 0xcf, 0x9e, 0xdc, 0x94, 0x4f, 0x9f, 0xaa, 0x29, 0x47, 0xb9, 0x98, 0xf2, + 0x17, 0xa0, 0xd4, 0x8a, 0xc2, 0x83, 0xce, 0xcc, 0xb9, 0xb4, 0x7b, 0xb6, 0x49, 0x81, 0x98, 0xe3, + 0xcc, 0xe5, 0xc2, 0xf9, 0x07, 0x2f, 0x17, 0xec, 0xcf, 0x15, 0xe0, 0x82, 0xb6, 0x74, 0xb4, 0x7f, + 0x79, 0x75, 0x3a, 0xd6, 0x59, 0xc9, 0x45, 0x1e, 0x4e, 0x60, 0x04, 0x21, 0xe9, 0x78, 0x26, 0x85, + 0xc1, 0x06, 0x15, 0x8b, 0xe5, 0x21, 0x11, 0xab, 0xb1, 0x91, 0x35, 0x83, 0x8b, 0x02, 0x8e, 0x15, + 0x05, 0xbb, 0xf7, 0x9d, 0x44, 0x89, 0x88, 0x8f, 0xcc, 0xe6, 0xdd, 0x2e, 0x6a, 0x14, 0x36, 0xe9, + 0xd0, 0x8b, 0x5c, 0x08, 0x1b, 0x82, 0xd4, 0x14, 0x4e, 0x88, 0x6a, 0xe1, 0x72, 0xd4, 0x29, 0xac, + 0x54, 0x87, 0x05, 0x6d, 0x95, 0xba, 0xd5, 0x61, 0x87, 0x27, 0x8a, 0xc2, 0xfe, 0xbf, 0x16, 0x3c, + 0xd3, 0xb3, 0x29, 0x1e, 0xc1, 0xf4, 0x76, 0x90, 0x9e, 0xde, 0xb6, 0x4e, 0x3e, 0xbd, 0x75, 0xbd, + 0x45, 0x9f, 0xa9, 0xee, 0x3f, 0x59, 0x30, 0xa5, 0xe9, 0x1f, 0xc1, 0xab, 0x7a, 0xb9, 0xde, 0xe0, + 0xae, 0x55, 0xe7, 0x3b, 0x57, 0xa9, 0x77, 0xfb, 0x23, 0xf6, 0x6e, 0x7c, 0x0f, 0x7a, 0xc1, 0x95, + 0xb7, 0x8d, 0x1e, 0xb3, 0xf7, 0xda, 0x81, 0x51, 0x56, 0x9b, 0x37, 0xce, 0x67, 0x2f, 0x3c, 0x2d, + 0x9f, 0x45, 0x63, 0xea, 0xbd, 0x70, 0xf6, 0x37, 
0xc6, 0x42, 0x20, 0xab, 0x00, 0xe3, 0xc5, 0xd4, + 0x5e, 0xd6, 0x44, 0xf8, 0x93, 0xae, 0x00, 0x23, 0xe0, 0x58, 0x51, 0xd8, 0x4d, 0x98, 0x49, 0x33, + 0x5f, 0x22, 0x75, 0x76, 0xe4, 0x38, 0xd0, 0x6b, 0xce, 0x43, 0xc5, 0x61, 0x4f, 0xad, 0xb6, 0x9d, + 0xec, 0x05, 0x13, 0x0b, 0x12, 0x81, 0x35, 0x8d, 0xfd, 0xdb, 0x16, 0x9c, 0xeb, 0xf1, 0x32, 0x39, + 0x86, 0x7d, 0x25, 0xda, 0x0a, 0xf4, 0xb9, 0x06, 0xb6, 0x46, 0xea, 0x8e, 0x3c, 0xd4, 0x32, 0xac, + 0xda, 0x12, 0x07, 0x63, 0x89, 0xb7, 0xff, 0x97, 0x05, 0x67, 0xd2, 0xba, 0xc6, 0xe8, 0x06, 0x20, + 0xfe, 0x32, 0x4b, 0x5e, 0xec, 0x86, 0xfb, 0x24, 0xea, 0xd0, 0x37, 0xe7, 0x5a, 0x5f, 0x14, 0x9c, + 0xd0, 0x42, 0x17, 0x05, 0xee, 0xf1, 0x14, 0xab, 0x50, 0x51, 0x53, 0xad, 0x2d, 0x7b, 0xca, 0xed, + 0x3c, 0x7b, 0x8a, 0xfe, 0x98, 0xe6, 0xc6, 0xbf, 0x12, 0x89, 0x4d, 0xf9, 0xf6, 0xbb, 0x23, 0xa0, + 0xe2, 0x42, 0xd9, 0xf1, 0x49, 0x4e, 0x87, 0x4f, 0xa9, 0x5b, 0x48, 0x8a, 0x43, 0xdc, 0x4b, 0x3b, + 0xf2, 0xa0, 0xa3, 0x0d, 0x5e, 0x10, 0xdf, 0xdc, 0xe4, 0x51, 0x6f, 0xb8, 0xad, 0x51, 0xd8, 0xa4, + 0xa3, 0x9a, 0xf8, 0xde, 0x3e, 0xe1, 0x0f, 0x8d, 0xa6, 0x35, 0x59, 0x95, 0x08, 0xac, 0x69, 0xa8, + 0x26, 0x35, 0xaf, 0x5e, 0x17, 0x2b, 0x45, 0xa5, 0x09, 0x6d, 0x1d, 0xcc, 0x30, 0x94, 0x62, 0x37, + 0x0c, 0xf7, 0x84, 0xff, 0xa7, 0x28, 0xae, 0x87, 0xe1, 0x1e, 0x66, 0x18, 0xea, 0xb1, 0x04, 0x61, + 0xd4, 0x64, 0x17, 0x80, 0xd4, 0x94, 0x14, 0xe1, 0xf7, 0x29, 0x8f, 0x65, 0xbd, 0x9b, 0x04, 0xf7, + 0x7a, 0x8e, 0xf6, 0xc0, 0x56, 0x44, 0x6a, 0x9e, 0x9b, 0x98, 0xdc, 0x20, 0xdd, 0x03, 0x37, 0xbb, + 0x28, 0x70, 0x8f, 0xa7, 0xd0, 0x02, 0x9c, 0x91, 0x71, 0xbd, 0x32, 0x6f, 0x89, 0x3b, 0x83, 0xca, + 0x0f, 0xc7, 0x69, 0x34, 0xce, 0xd2, 0x53, 0x6b, 0xd3, 0x14, 0x29, 0x8b, 0xcc, 0x4d, 0x34, 0xac, + 0x8d, 0x4c, 0x65, 0xc4, 0x8a, 0xc2, 0xfe, 0x4c, 0x91, 0xce, 0x8e, 0x7d, 0xca, 0x6e, 0x3e, 0xb2, + 0xc3, 0xce, 0x74, 0x8f, 0x1c, 0x19, 0xa0, 0x47, 0xbe, 0x0a, 0x13, 0x77, 0xe3, 0x30, 0x50, 0x07, + 0x89, 0xa5, 0xbe, 0x07, 0x89, 0x06, 0x55, 0xef, 0x83, 0xc4, 0xd1, 0xbc, 0x0e, 0x12, 
0xc7, 0x1e, + 0xf2, 0x20, 0xf1, 0xdf, 0x95, 0x40, 0x15, 0xcd, 0x5b, 0x27, 0xc9, 0xbd, 0x30, 0xda, 0xf3, 0x82, + 0x06, 0x8b, 0x87, 0xfe, 0x86, 0x05, 0x13, 0x7c, 0xbc, 0xac, 0x9a, 0xb1, 0x91, 0xf5, 0x9c, 0x0a, + 0xc5, 0xa5, 0x84, 0xcd, 0x6d, 0x1b, 0x82, 0x32, 0xe5, 0xa7, 0x4d, 0x14, 0x4e, 0x69, 0x84, 0x7e, + 0x1e, 0x40, 0x5e, 0x85, 0x51, 0xcf, 0xe9, 0x92, 0x68, 0x75, 0x31, 0x09, 0xa9, 0x6b, 0xdf, 0x74, + 0x5b, 0x09, 0xc1, 0x86, 0x40, 0xf4, 0xb9, 0xec, 0x05, 0x49, 0x9f, 0x3a, 0x95, 0xb6, 0x19, 0x24, + 0x6a, 0x14, 0xc3, 0x98, 0x17, 0x34, 0x68, 0x3f, 0x11, 0x67, 0xaf, 0x1f, 0xe8, 0x95, 0x4b, 0xb0, + 0x1a, 0x3a, 0xb5, 0xaa, 0xe3, 0x3b, 0x81, 0x4b, 0xa2, 0x15, 0x4e, 0x6e, 0xde, 0x87, 0xc0, 0x00, + 0x58, 0x32, 0xea, 0xaa, 0x84, 0x58, 0x1a, 0xa4, 0x12, 0xe2, 0xc5, 0x8f, 0xc0, 0x74, 0xd7, 0xc7, + 0x1c, 0x2a, 0x48, 0xf4, 0xe1, 0xe3, 0x4b, 0xed, 0x7f, 0x3d, 0xaa, 0x27, 0xad, 0xf5, 0xb0, 0xc6, + 0xeb, 0xf1, 0x45, 0xfa, 0x8b, 0x0a, 0xdf, 0x33, 0xc7, 0x2e, 0x62, 0xdc, 0xa9, 0xa0, 0x80, 0xd8, + 0x14, 0x49, 0xfb, 0x68, 0xcb, 0x89, 0x48, 0x70, 0xda, 0x7d, 0x74, 0x53, 0x09, 0xc1, 0x86, 0x40, + 0xb4, 0x9b, 0x8a, 0x12, 0xbb, 0x76, 0xf2, 0x28, 0x31, 0x96, 0x67, 0xd8, 0xab, 0xe0, 0xd8, 0x57, + 0x2c, 0x98, 0x0a, 0x52, 0x3d, 0x57, 0xec, 0xc3, 0x6f, 0x9f, 0xc6, 0xa8, 0xe0, 0x35, 0x57, 0xd3, + 0x30, 0x9c, 0x91, 0xdf, 0x6b, 0x4a, 0x2b, 0x0d, 0x39, 0xa5, 0xe9, 0xc2, 0x9e, 0xa3, 0xfd, 0x0a, + 0x7b, 0xa2, 0x40, 0x95, 0x0f, 0x1e, 0xcb, 0xbd, 0x7c, 0x30, 0xf4, 0x28, 0x1d, 0x7c, 0x07, 0x2a, + 0x6e, 0x44, 0x9c, 0xe4, 0x21, 0x2b, 0xc9, 0xb2, 0x43, 0xc8, 0x45, 0xc9, 0x00, 0x6b, 0x5e, 0xf6, + 0x7f, 0x2c, 0xc2, 0x59, 0xd9, 0x22, 0x32, 0x82, 0x86, 0xce, 0x8f, 0x5c, 0xae, 0x76, 0x6e, 0xd5, + 0xfc, 0x78, 0x5d, 0x22, 0xb0, 0xa6, 0xa1, 0xfe, 0x58, 0x3b, 0x26, 0x1b, 0x2d, 0x12, 0xac, 0x7a, + 0x3b, 0xb1, 0x38, 0x3f, 0x52, 0x03, 0xe5, 0x96, 0x46, 0x61, 0x93, 0x8e, 0x3a, 0xe3, 0xdc, 0x2f, + 0x8e, 0xb3, 0x01, 0x69, 0xc2, 0xdf, 0xc6, 0x12, 0x8f, 0x7e, 0xad, 0x67, 0x1d, 0xf0, 0x7c, 0x42, + 0x31, 0xbb, 0x02, 0x87, 
0x86, 0x2c, 0x00, 0xfe, 0x65, 0x0b, 0xce, 0xec, 0xa5, 0x72, 0x49, 0xa4, + 0x49, 0x3e, 0x61, 0xd6, 0x63, 0x3a, 0x41, 0x45, 0x77, 0xe1, 0x34, 0x3c, 0xc6, 0x59, 0xe9, 0xf6, + 0xff, 0xb1, 0xc0, 0x34, 0x4f, 0x83, 0x79, 0x56, 0xc6, 0xcd, 0x0e, 0x85, 0x63, 0x6e, 0x76, 0x90, + 0x4e, 0x58, 0x71, 0x30, 0xa7, 0x7f, 0x64, 0x08, 0xa7, 0xbf, 0xd4, 0xd7, 0x6b, 0x7b, 0x1e, 0x8a, + 0x6d, 0xaf, 0x26, 0xfc, 0x76, 0x7d, 0x18, 0xb6, 0xb2, 0x84, 0x29, 0xdc, 0xfe, 0x17, 0x25, 0xbd, + 0x4e, 0x17, 0x11, 0x84, 0x3f, 0x14, 0xaf, 0x5d, 0x57, 0x49, 0xac, 0xfc, 0xcd, 0xd7, 0xbb, 0x92, + 0x58, 0x7f, 0x62, 0xf8, 0x00, 0x51, 0xde, 0x40, 0xfd, 0x72, 0x58, 0xc7, 0x8e, 0x89, 0x0e, 0xbd, + 0x0b, 0x65, 0xba, 0xb4, 0x61, 0x1b, 0x6e, 0xe5, 0x94, 0x52, 0xe5, 0xeb, 0x02, 0x7e, 0xff, 0x70, + 0xf6, 0xc7, 0x87, 0x57, 0x4b, 0x3e, 0x8d, 0x15, 0x7f, 0x14, 0x43, 0x85, 0xfe, 0x66, 0x81, 0xac, + 0x62, 0xd1, 0x74, 0x4b, 0xd9, 0x22, 0x89, 0xc8, 0x25, 0x4a, 0x56, 0xcb, 0x41, 0x01, 0x54, 0xd8, + 0x1d, 0x04, 0x4c, 0x28, 0x5f, 0x5b, 0x6d, 0xaa, 0x70, 0x52, 0x89, 0xb8, 0x7f, 0x38, 0xfb, 0xfa, + 0xf0, 0x42, 0xd5, 0xe3, 0x58, 0x8b, 0xb0, 0xbf, 0x3a, 0xa2, 0xfb, 0xae, 0xc8, 0x5d, 0xfe, 0xa1, + 0xe8, 0xbb, 0xaf, 0x65, 0xfa, 0xee, 0xe5, 0xae, 0xbe, 0x3b, 0xa5, 0xeb, 0xf4, 0xa7, 0x7a, 0xe3, + 0xa3, 0x9e, 0x60, 0x8f, 0x5f, 0xc7, 0x33, 0xcf, 0xe2, 0xed, 0xb6, 0x17, 0x91, 0x78, 0x33, 0x6a, + 0x07, 0x5e, 0xd0, 0x10, 0xb7, 0x35, 0x19, 0x9e, 0x45, 0x0a, 0x8d, 0xb3, 0xf4, 0xec, 0xa6, 0xa7, + 0x4e, 0xe0, 0xde, 0x71, 0xf6, 0x79, 0xaf, 0x32, 0xd2, 0x39, 0xb7, 0x04, 0x1c, 0x2b, 0x0a, 0xfb, + 0x5b, 0xec, 0x74, 0xd4, 0x88, 0xa0, 0xa7, 0x7d, 0xc2, 0x67, 0x97, 0x3e, 0xf0, 0x5c, 0x50, 0xd5, + 0x27, 0xf8, 0x4d, 0x0f, 0x1c, 0x87, 0xee, 0xc1, 0xd8, 0x0e, 0x2f, 0x06, 0x9d, 0x4f, 0xe5, 0x27, + 0x51, 0x59, 0x9a, 0x15, 0x48, 0x94, 0x65, 0xa6, 0xef, 0xeb, 0x9f, 0x58, 0x4a, 0xb3, 0xff, 0x7e, + 0x11, 0xce, 0x64, 0xae, 0x24, 0x48, 0xd5, 0xa1, 0x28, 0x1c, 0x5b, 0x87, 0xe2, 0x13, 0x00, 0x35, + 0xd2, 0xf2, 0xc3, 0x0e, 0x73, 0x73, 0x46, 0x86, 0x76, 0x73, 
0x94, 0x67, 0xbc, 0xa4, 0xb8, 0x60, + 0x83, 0xa3, 0x48, 0x80, 0xe5, 0x65, 0x2d, 0x32, 0x09, 0xb0, 0x46, 0x01, 0xb4, 0xd1, 0x47, 0x5b, + 0x00, 0xcd, 0x83, 0x33, 0x5c, 0x45, 0x15, 0xa7, 0xfe, 0x10, 0xe1, 0xe8, 0x2c, 0xc2, 0x71, 0x29, + 0xcd, 0x06, 0x67, 0xf9, 0xda, 0x5f, 0x2a, 0x50, 0x67, 0x8f, 0x37, 0xb6, 0x4a, 0x85, 0x7c, 0x3f, + 0x8c, 0x3a, 0xed, 0x64, 0x37, 0xec, 0xaa, 0x6a, 0xbd, 0xc0, 0xa0, 0x58, 0x60, 0xd1, 0x2a, 0x8c, + 0xd4, 0x74, 0x7a, 0xdb, 0x30, 0xca, 0xe9, 0x7d, 0x33, 0x27, 0x21, 0x98, 0x71, 0x41, 0xcf, 0xc1, + 0x48, 0xe2, 0x34, 0x52, 0x17, 0x79, 0x6d, 0x3b, 0x8d, 0x18, 0x33, 0xa8, 0x39, 0x17, 0x8d, 0x1c, + 0x33, 0x17, 0xbd, 0x0e, 0x93, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x11, 0xe3, 0x8c, 0x46, 0x1f, + 0x6c, 0x9b, 0x48, 0x9c, 0xa6, 0xb5, 0xdf, 0xad, 0xc0, 0xf9, 0x5e, 0x37, 0xaa, 0xe6, 0x1d, 0x24, + 0xdc, 0x4b, 0xc6, 0xa3, 0x0b, 0x12, 0xee, 0x23, 0xdd, 0x37, 0x82, 0x84, 0x7d, 0x23, 0x48, 0xf8, + 0x73, 0x16, 0x54, 0x54, 0x6c, 0xac, 0x88, 0xef, 0xfb, 0xd8, 0x29, 0xdc, 0x5a, 0x2b, 0x45, 0x88, + 0x10, 0x49, 0xf9, 0x17, 0x6b, 0xe1, 0xa7, 0x17, 0x35, 0xfc, 0x40, 0x85, 0x86, 0x8a, 0x1a, 0x56, + 0x21, 0xd5, 0xa5, 0x3c, 0x42, 0xaa, 0xfb, 0x7c, 0xaa, 0x9e, 0x21, 0xd5, 0x5f, 0xb1, 0x60, 0xdc, + 0x79, 0xa7, 0x1d, 0x91, 0x25, 0xb2, 0xbf, 0xd1, 0x8a, 0x85, 0xdd, 0xfa, 0x78, 0xfe, 0x0a, 0x2c, + 0x68, 0x21, 0xa2, 0xfc, 0xa6, 0x06, 0x60, 0x53, 0x85, 0x54, 0x08, 0xf5, 0x58, 0x1e, 0x21, 0xd4, + 0xbd, 0xd4, 0x39, 0x36, 0x84, 0xfa, 0x75, 0x98, 0x74, 0xfd, 0x30, 0x20, 0x9b, 0x51, 0x98, 0x84, + 0x6e, 0xe8, 0x0b, 0x1f, 0x55, 0x99, 0x84, 0x45, 0x13, 0x89, 0xd3, 0xb4, 0xfd, 0xe2, 0xaf, 0x2b, + 0x27, 0x8d, 0xbf, 0x86, 0xc7, 0x14, 0x7f, 0xfd, 0x67, 0x05, 0x98, 0x3d, 0xe6, 0xa3, 0xa2, 0xd7, + 0x60, 0x22, 0x8c, 0x1a, 0x4e, 0xe0, 0xbd, 0xc3, 0xd3, 0xdf, 0x4a, 0xe9, 0xea, 0x04, 0x1b, 0x06, + 0x0e, 0xa7, 0x28, 0x65, 0x84, 0xe6, 0x68, 0x9f, 0x08, 0xcd, 0x0f, 0xc1, 0x78, 0x42, 0x9c, 0xa6, + 0x08, 0x18, 0x10, 0xeb, 0x0a, 0x7d, 0x4e, 0xa3, 0x51, 0xd8, 0xa4, 0xa3, 0xdd, 0x68, 0xca, 0x71, + 
0x5d, 0x12, 0xc7, 0x32, 0x04, 0x53, 0xec, 0x79, 0xe4, 0x16, 0xdf, 0xc9, 0xb6, 0x92, 0x16, 0x52, + 0x22, 0x70, 0x46, 0x24, 0x55, 0xde, 0xf1, 0x7d, 0x1e, 0x6d, 0x4d, 0xe4, 0xd5, 0x9c, 0x3a, 0x59, + 0x5e, 0xa3, 0xb0, 0x49, 0x67, 0xff, 0x46, 0x01, 0x9e, 0x7f, 0xa0, 0x79, 0x19, 0x38, 0x3a, 0xb6, + 0x1d, 0x93, 0x28, 0x7b, 0xce, 0x71, 0x2b, 0x26, 0x11, 0x66, 0x18, 0xde, 0x4a, 0xad, 0x96, 0x71, + 0x75, 0x45, 0xde, 0xc1, 0xd8, 0xbc, 0x95, 0x52, 0x22, 0x70, 0x46, 0x64, 0xb6, 0x95, 0x46, 0x06, + 0x6c, 0xa5, 0x7f, 0x5c, 0x80, 0x17, 0x06, 0x30, 0xc2, 0x39, 0x06, 0xad, 0xa7, 0x83, 0xfe, 0x8b, + 0x8f, 0x27, 0xe8, 0xff, 0x61, 0x9b, 0xeb, 0x5b, 0x05, 0xb8, 0xd8, 0xdf, 0x16, 0xa2, 0x9f, 0xa4, + 0x6b, 0x13, 0x19, 0xc3, 0x60, 0x26, 0x0c, 0x9c, 0xe3, 0xeb, 0x92, 0x14, 0x0a, 0x67, 0x69, 0xd1, + 0x1c, 0x40, 0xcb, 0x49, 0x76, 0xe3, 0xab, 0x07, 0x5e, 0x9c, 0x88, 0x54, 0xb7, 0x29, 0xbe, 0xc3, + 0x2c, 0xa1, 0xd8, 0xa0, 0xa0, 0xe2, 0xd8, 0xbf, 0xa5, 0x70, 0x3d, 0x4c, 0xf8, 0x43, 0xdc, 0x8f, + 0x3b, 0xc7, 0xef, 0xd2, 0x4d, 0xa1, 0x70, 0x96, 0x96, 0x8a, 0x63, 0x67, 0x18, 0x5c, 0x51, 0x71, + 0xef, 0x30, 0x15, 0xb7, 0xaa, 0xa0, 0xd8, 0xa0, 0xc8, 0xa6, 0x42, 0x94, 0x06, 0x48, 0x85, 0xf8, + 0x67, 0x05, 0x78, 0xa6, 0xef, 0x5c, 0x3a, 0xd8, 0x00, 0x7c, 0xf2, 0x72, 0x20, 0x1e, 0xae, 0xef, + 0x0c, 0x19, 0xd9, 0xff, 0x5f, 0xfa, 0xf4, 0x34, 0x11, 0xd9, 0x9f, 0x9d, 0x2a, 0xac, 0x61, 0xa7, + 0x8a, 0x27, 0xa8, 0x3d, 0xbb, 0x82, 0xf9, 0x47, 0x86, 0x08, 0xe6, 0xcf, 0x7c, 0x8c, 0xd2, 0x80, + 0x03, 0xf9, 0xbb, 0xfd, 0x9b, 0x97, 0xfa, 0xde, 0x03, 0xed, 0xfa, 0x2c, 0xc1, 0x59, 0x71, 0x81, + 0xf9, 0x56, 0x7b, 0x47, 0x24, 0x42, 0x16, 0xd2, 0xd7, 0xb8, 0xac, 0x64, 0xf0, 0xb8, 0xeb, 0x89, + 0x27, 0x30, 0xb9, 0xe2, 0x21, 0x9b, 0xf4, 0x13, 0x50, 0x51, 0xbc, 0x79, 0xc0, 0xa1, 0xfa, 0xa0, + 0x5d, 0x01, 0x87, 0xea, 0x6b, 0x1a, 0x54, 0xb4, 0x25, 0xf6, 0x48, 0x27, 0xdb, 0x33, 0x6f, 0x92, + 0x0e, 0x3b, 0x7c, 0xb4, 0x7f, 0x0c, 0x26, 0xd4, 0x22, 0x72, 0xd0, 0x52, 0x92, 0xf6, 0xff, 0x1c, + 0x81, 0xc9, 0x54, 0xc2, 0x7b, 0x6a, 
0x2b, 0xc4, 0x3a, 0x76, 0x2b, 0x84, 0x85, 0x68, 0xb6, 0x03, + 0x59, 0x69, 0xd5, 0x08, 0xd1, 0x6c, 0x07, 0x04, 0x73, 0x1c, 0x5d, 0xba, 0xd7, 0xa2, 0x0e, 0x6e, + 0x07, 0x22, 0xd0, 0x4b, 0x2d, 0xdd, 0x97, 0x18, 0x14, 0x0b, 0x2c, 0xfa, 0xb4, 0x05, 0x13, 0x31, + 0xdb, 0x67, 0xe3, 0x1b, 0x49, 0xe2, 0x83, 0xde, 0xc8, 0xe3, 0x86, 0x4d, 0x51, 0xdc, 0x81, 0x9d, + 0x11, 0x9b, 0x10, 0x9c, 0x92, 0x88, 0x7e, 0xd9, 0x32, 0xef, 0x16, 0x1d, 0xcd, 0x23, 0x40, 0x31, + 0x5b, 0x4f, 0x80, 0x6f, 0xb3, 0x3c, 0xf8, 0x8a, 0xd1, 0x58, 0xed, 0xf2, 0x8c, 0x9d, 0xce, 0x2e, + 0x0f, 0xf4, 0xd8, 0xe1, 0xf9, 0x20, 0x54, 0x9a, 0x4e, 0xe0, 0xd5, 0x49, 0x9c, 0xc4, 0x33, 0x65, + 0xa3, 0xcc, 0x89, 0x04, 0x62, 0x8d, 0xa7, 0x93, 0x5d, 0xcc, 0x5e, 0x8c, 0x9f, 0x8b, 0x55, 0xf4, + 0xa5, 0x07, 0x5b, 0x1a, 0x8c, 0x4d, 0x1a, 0xfb, 0x9f, 0x5a, 0x70, 0xa1, 0x67, 0x63, 0x3c, 0xb9, + 0x11, 0x35, 0x74, 0x82, 0x3e, 0xd7, 0xa3, 0x20, 0x04, 0xea, 0x9c, 0xda, 0x15, 0xb4, 0xa2, 0xe2, + 0xc4, 0x64, 0xdf, 0xbe, 0x31, 0xdc, 0x5e, 0xa5, 0xde, 0x2f, 0x2c, 0x3e, 0xd2, 0xfd, 0x42, 0xfb, + 0xdd, 0x22, 0x18, 0x97, 0x25, 0xa3, 0x5f, 0x30, 0x6b, 0x9f, 0x58, 0x79, 0xd5, 0xe9, 0xe0, 0xcc, + 0x55, 0xed, 0x14, 0xde, 0x6a, 0xbd, 0x4a, 0xa9, 0x64, 0xfb, 0x6b, 0xe1, 0xf8, 0xfe, 0x8a, 0x7c, + 0x59, 0x64, 0xa6, 0x98, 0x7f, 0x91, 0x99, 0x4a, 0xb6, 0xc0, 0x0c, 0xfa, 0x1d, 0x0b, 0x66, 0x9a, + 0x7d, 0x8a, 0xa1, 0xe5, 0x93, 0xfb, 0xdb, 0xaf, 0xd4, 0x1a, 0xbb, 0xf8, 0xbf, 0x6f, 0x0d, 0x3a, + 0xdc, 0x57, 0x2b, 0xfb, 0xef, 0x59, 0x7c, 0x70, 0x64, 0xbe, 0x82, 0x9e, 0x14, 0xac, 0x07, 0x4c, + 0x0a, 0x2f, 0xb1, 0x7b, 0x88, 0xea, 0xd7, 0x89, 0xe3, 0x8b, 0xc9, 0xc3, 0xbc, 0x52, 0x88, 0xc1, + 0xb1, 0xa2, 0x60, 0x55, 0xcb, 0x7d, 0x3f, 0xbc, 0x77, 0xb5, 0xd9, 0x4a, 0x3a, 0x62, 0x1a, 0xd1, + 0x55, 0xcb, 0x15, 0x06, 0x1b, 0x54, 0xf6, 0x9f, 0x5b, 0xbc, 0x07, 0x8a, 0x93, 0xaa, 0xd7, 0x32, + 0x55, 0x76, 0x07, 0x3f, 0xe4, 0xf9, 0x39, 0x00, 0x57, 0x5d, 0x41, 0x92, 0xcf, 0xb5, 0xcf, 0xfa, + 0x4a, 0x13, 0xf3, 0x2e, 0x62, 0x09, 0xc3, 0x86, 0xbc, 0xd4, 0x78, 0x2f, 
0x1e, 0x37, 0xde, 0xed, + 0x3f, 0xb3, 0x20, 0x35, 0xbf, 0xa1, 0x16, 0x94, 0xa8, 0x06, 0x9d, 0x7c, 0x2e, 0x4c, 0x31, 0x59, + 0x53, 0x5b, 0x20, 0x7a, 0x32, 0xfb, 0x89, 0xb9, 0x20, 0xe4, 0x8b, 0x33, 0xaa, 0x42, 0x1e, 0x97, + 0xfa, 0x98, 0x02, 0xaf, 0x87, 0xe1, 0x1e, 0xdf, 0x83, 0xd7, 0xe7, 0x5d, 0xf6, 0x6b, 0x30, 0xdd, + 0xa5, 0x14, 0xab, 0x91, 0x19, 0xca, 0x5b, 0x62, 0x8c, 0x1e, 0xc8, 0x2a, 0xf6, 0x62, 0x8e, 0xb3, + 0xbf, 0x65, 0xc1, 0xd9, 0x2c, 0x7b, 0xf4, 0x75, 0x0b, 0xa6, 0xe3, 0x2c, 0xbf, 0xd3, 0x6a, 0x3b, + 0x15, 0xbf, 0xd1, 0x85, 0xc2, 0xdd, 0x4a, 0xd8, 0xff, 0xbf, 0xc0, 0xfb, 0xf3, 0x1d, 0x2f, 0xa8, + 0x85, 0xf7, 0xd4, 0x7c, 0x68, 0xf5, 0x9d, 0x0f, 0xe9, 0x10, 0x73, 0x77, 0x49, 0xad, 0xed, 0x77, + 0x65, 0xa8, 0x6c, 0x09, 0x38, 0x56, 0x14, 0xa9, 0x2b, 0x59, 0x8b, 0xc7, 0x5e, 0xc9, 0xfa, 0x2a, + 0x4c, 0x98, 0x37, 0x21, 0x89, 0x74, 0x77, 0xe6, 0x5e, 0x99, 0x97, 0x26, 0xe1, 0x14, 0x55, 0xe6, + 0x2e, 0xcc, 0xd2, 0xb1, 0x77, 0x61, 0xbe, 0x08, 0x65, 0x71, 0xaf, 0xa3, 0x8c, 0x72, 0xe2, 0xe9, + 0x2f, 0x02, 0x86, 0x15, 0x96, 0x1a, 0x88, 0xa6, 0x13, 0xb4, 0x1d, 0x9f, 0xb6, 0x90, 0xc8, 0x8a, + 0x53, 0x23, 0x6b, 0x4d, 0x61, 0xb0, 0x41, 0x45, 0xdf, 0x38, 0xf1, 0x9a, 0xe4, 0xad, 0x30, 0x90, + 0xf1, 0x01, 0x7a, 0x87, 0x52, 0xc0, 0xb1, 0xa2, 0xb0, 0xff, 0x87, 0x05, 0xd9, 0x4b, 0xe9, 0x52, + 0x6b, 0x56, 0xeb, 0xd8, 0x4c, 0xbc, 0x74, 0x96, 0x51, 0x61, 0xa0, 0x2c, 0x23, 0x33, 0x01, 0xa8, + 0xf8, 0xc0, 0x04, 0xa0, 0x1f, 0xd1, 0x95, 0xd6, 0x79, 0xa6, 0xd0, 0x78, 0xaf, 0x2a, 0xeb, 0xc8, + 0x86, 0x51, 0xd7, 0x51, 0x89, 0xce, 0x13, 0xdc, 0x13, 0x5c, 0x5c, 0x60, 0x44, 0x02, 0x53, 0xdd, + 0xf9, 0xce, 0xf7, 0x2f, 0xbd, 0xef, 0xbb, 0xdf, 0xbf, 0xf4, 0xbe, 0x3f, 0xfc, 0xfe, 0xa5, 0xf7, + 0x7d, 0xfa, 0xe8, 0x92, 0xf5, 0x9d, 0xa3, 0x4b, 0xd6, 0x77, 0x8f, 0x2e, 0x59, 0x7f, 0x78, 0x74, + 0xc9, 0x7a, 0xf7, 0xe8, 0x92, 0xf5, 0x95, 0xff, 0x76, 0xe9, 0x7d, 0x6f, 0xf5, 0x8c, 0xe7, 0xa0, + 0x3f, 0x5e, 0x76, 0x6b, 0xf3, 0xfb, 0x57, 0x58, 0x48, 0x01, 0x1d, 0x0d, 0xf3, 0x46, 0x17, 0x98, + 0x97, 0xa3, 
0xe1, 0x2f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x82, 0xa3, 0x6a, 0x27, 0xe2, 0xb4, 0x00, + 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -8105,7 +8141,7 @@ func (m *ListGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *MatrixGenerator) Marshal() (dAtA []byte, err error) { +func (m *ManagedNamespaceMetadata) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) 
@@ -8115,36 +8151,60 @@ func (m *MatrixGenerator) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *MatrixGenerator) MarshalTo(dAtA []byte) (int, error) { +func (m *ManagedNamespaceMetadata) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MatrixGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ManagedNamespaceMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - { - size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if len(m.Annotations) > 0 { + keysForAnnotations := make([]string, 0, len(m.Annotations)) + for k := range m.Annotations { + keysForAnnotations = append(keysForAnnotations, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) + for iNdEx := len(keysForAnnotations) - 1; iNdEx >= 0; iNdEx-- { + v := m.Annotations[string(keysForAnnotations[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForAnnotations[iNdEx]) + copy(dAtA[i:], keysForAnnotations[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAnnotations[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x12 } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) } - i-- - dAtA[i] = 0x12 - if len(m.Generators) > 0 { - for iNdEx := len(m.Generators) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Generators[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } + if len(m.Labels) > 0 { + keysForLabels := make([]string, 0, len(m.Labels)) + for k := range m.Labels { + keysForLabels = append(keysForLabels, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForLabels) + for iNdEx := len(keysForLabels) - 1; iNdEx >= 0; iNdEx-- { + v 
:= m.Labels[string(keysForLabels[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForLabels[iNdEx]) + copy(dAtA[i:], keysForLabels[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForLabels[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) i-- dAtA[i] = 0xa } @@ -8152,7 +8212,7 @@ func (m *MatrixGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *MergeGenerator) Marshal() (dAtA []byte, err error) { +func (m *MatrixGenerator) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -8162,12 +8222,12 @@ func (m *MergeGenerator) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *MergeGenerator) MarshalTo(dAtA []byte) (int, error) { +func (m *MatrixGenerator) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MatrixGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -8181,16 +8241,7 @@ func (m *MergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintGenerated(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a - if len(m.MergeKeys) > 0 { - for iNdEx := len(m.MergeKeys) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.MergeKeys[iNdEx]) - copy(dAtA[i:], m.MergeKeys[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.MergeKeys[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } + dAtA[i] = 0x12 if len(m.Generators) > 0 { for iNdEx := len(m.Generators) - 1; iNdEx >= 0; iNdEx-- { { 
@@ -8208,7 +8259,7 @@ func (m *MergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *NestedMatrixGenerator) Marshal() (dAtA []byte, err error) { +func (m *MergeGenerator) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) 
@@ -8218,53 +8269,109 @@ func (m *NestedMatrixGenerator) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *NestedMatrixGenerator) MarshalTo(dAtA []byte) (int, error) { +func (m *MergeGenerator) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *NestedMatrixGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - if len(m.Generators) > 0 { - for iNdEx := len(m.Generators) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Generators[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa + { + size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) } - return len(dAtA) - i, nil -} - -func (m *NestedMergeGenerator) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *NestedMergeGenerator) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *NestedMergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l + i-- + dAtA[i] = 0x1a + if len(m.MergeKeys) > 0 { + for iNdEx := len(m.MergeKeys) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.MergeKeys[iNdEx]) + copy(dAtA[i:], m.MergeKeys[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.MergeKeys[iNdEx]))) + i-- + dAtA[i] = 0x12 + } + } + if len(m.Generators) > 0 { + for iNdEx := len(m.Generators) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Generators[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = 
encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *NestedMatrixGenerator) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *NestedMatrixGenerator) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *NestedMatrixGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Generators) > 0 { + for iNdEx := len(m.Generators) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Generators[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *NestedMergeGenerator) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *NestedMergeGenerator) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *NestedMergeGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l if len(m.MergeKeys) > 0 { for iNdEx := len(m.MergeKeys) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.MergeKeys[iNdEx]) @@ -11249,6 +11356,18 @@ func (m *SyncPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.ManagedNamespaceMetadata != nil { + { + size, err := m.ManagedNamespaceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } if m.Retry != nil { { size, err := m.Retry.MarshalToSizedBuffer(dAtA[:i]) 
@@ -13050,6 +13169,31 @@ func (m *ListGenerator) Size() (n int) { return n } +func (m *ManagedNamespaceMetadata) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Labels) > 0 { + for k, v := range m.Labels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + if len(m.Annotations) > 0 { + for k, v := range m.Annotations { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + func (m *MatrixGenerator) Size() (n int) { if m == nil { return 0 @@ -14248,6 +14392,10 @@ func (m *SyncPolicy) Size() (n int) { l = m.Retry.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.ManagedNamespaceMetadata != nil { + l = m.ManagedNamespaceMetadata.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } 
@@ -15493,6 +15641,37 @@ func (this *ListGenerator) String() string { }, "") return s } +func (this *ManagedNamespaceMetadata) String() string { + if this == nil { + return "nil" + } + keysForLabels := make([]string, 0, len(this.Labels)) + for k := range this.Labels { + keysForLabels = append(keysForLabels, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForLabels) + mapStringForLabels := "map[string]string{" + for _, k := range keysForLabels { + mapStringForLabels += fmt.Sprintf("%v: %v,", k, this.Labels[k]) + } + mapStringForLabels += "}" + keysForAnnotations := make([]string, 0, len(this.Annotations)) + for k := range this.Annotations { + keysForAnnotations = append(keysForAnnotations, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) + mapStringForAnnotations := "map[string]string{" + for _, k := range keysForAnnotations { + mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k]) + } + mapStringForAnnotations += "}" + s := strings.Join([]string{`&ManagedNamespaceMetadata{`, + `Labels:` + mapStringForLabels + `,`, + `Annotations:` + mapStringForAnnotations + `,`, + `}`, + }, "") + return s +} func (this *MatrixGenerator) String() string { if this == nil { return "nil" @@ -16337,6 +16516,7 @@ func (this *SyncPolicy) String() string { `Automated:` + strings.Replace(this.Automated.String(), "SyncPolicyAutomated", "SyncPolicyAutomated", 1) + `,`, `SyncOptions:` + fmt.Sprintf("%v", this.SyncOptions) + `,`, `Retry:` + strings.Replace(this.Retry.String(), "RetryStrategy", "RetryStrategy", 1) + `,`, + `ManagedNamespaceMetadata:` + strings.Replace(this.ManagedNamespaceMetadata.String(), "ManagedNamespaceMetadata", "ManagedNamespaceMetadata", 1) + `,`, `}`, }, "") return s 
@@ -28701,6 +28881,310 @@ func (m *ListGenerator) Unmarshal(dAtA []byte) error { } return nil } +func (m *ManagedNamespaceMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ManagedNamespaceMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ManagedNamespaceMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Labels == nil { + m.Labels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + 
return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Labels[mapkey] = mapvalue + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return 
ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Annotations == nil { + m.Annotations = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = 
string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Annotations[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *MatrixGenerator) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -39401,6 +39885,42 @@ func (m *SyncPolicy) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ManagedNamespaceMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ManagedNamespaceMetadata == nil { + m.ManagedNamespaceMetadata = &ManagedNamespaceMetadata{} + } + if err := m.ManagedNamespaceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 323e52cd48abd..20b1b9866ed12 100644 
--- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -926,6 +926,12 @@ message ListGenerator { optional ApplicationSetTemplate template = 2; } +message ManagedNamespaceMetadata { + map labels = 1; + + map annotations = 2; +} + // MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested // generators. message MatrixGenerator { @@ -1802,6 +1808,9 @@ message SyncPolicy { // Retry controls failed sync retry behavior optional RetryStrategy retry = 3; + + // ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true) + optional ManagedNamespaceMetadata managedNamespaceMetadata = 4; } // SyncPolicyAutomated controls the behavior of an automated sync diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index c67b64eea2eb0..fdd836709feae 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go 
@@ -80,6 +80,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.KnownTypeField": schema_pkg_apis_application_v1alpha1_KnownTypeField(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.KustomizeOptions": schema_pkg_apis_application_v1alpha1_KustomizeOptions(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator": schema_pkg_apis_application_v1alpha1_ListGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ManagedNamespaceMetadata": schema_pkg_apis_application_v1alpha1_ManagedNamespaceMetadata(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MatrixGenerator": schema_pkg_apis_application_v1alpha1_MatrixGenerator(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MergeGenerator": schema_pkg_apis_application_v1alpha1_MergeGenerator(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.NestedMatrixGenerator": schema_pkg_apis_application_v1alpha1_NestedMatrixGenerator(ref), 
@@ -3282,6 +3283,48 @@ func schema_pkg_apis_application_v1alpha1_ListGenerator(ref common.ReferenceCall } } +func schema_pkg_apis_application_v1alpha1_ManagedNamespaceMetadata(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "labels": { + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "annotations": { + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_MatrixGenerator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -6111,11 +6154,17 @@ func schema_pkg_apis_application_v1alpha1_SyncPolicy(ref common.ReferenceCallbac Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RetryStrategy"), }, }, + "managedNamespaceMetadata": { + SchemaProps: spec.SchemaProps{ + Description: "ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ManagedNamespaceMetadata"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RetryStrategy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicyAutomated"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ManagedNamespaceMetadata", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RetryStrategy", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicyAutomated"}, } }
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index b1b5a71c6f47b..29821ab9407e7 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -698,6 +698,11 @@ func (o SyncOptions) HasOption(option string) bool {
 return false
 }
 
+type ManagedNamespaceMetadata struct {
+ Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,1,opt,name=labels"`
+ Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,2,opt,name=annotations"`
+}
+
 // SyncPolicy controls when a sync will be performed in response to updates in git
 type SyncPolicy struct {
 // Automated will keep an application synced to the target revision
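Review bot: The new exported type `ManagedNamespaceMetadata` in types.go has no doc comment, and its `Labels` and `Annotations` fields do not say how or when they are applied. That matters because namespace labels and annotations are commonly read by admission and policy controllers (Pod Security admission reads the `pod-security.kubernetes.io/*` labels, for example). Nothing in this hunk, or in the `SyncPolicy` field added in the next hunk, restricts which keys an Application may set, so anyone able to edit the Application spec may be able to change the namespace's security posture; whether the controller or AppProject settings constrain this elsewhere is not visible here. I would add a doc comment such as `// ManagedNamespaceMetadata holds the labels and annotations Argo CD applies to the destination namespace when CreateNamespace=true; these can influence admission and policy decisions.` and confirm that key validation or a project-level allow-list covers the field.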
@@ -706,6 +711,8 @@ type SyncPolicy struct { SyncOptions SyncOptions `json:"syncOptions,omitempty" protobuf:"bytes,2,opt,name=syncOptions"` // Retry controls failed sync retry behavior Retry *RetryStrategy `json:"retry,omitempty" protobuf:"bytes,3,opt,name=retry"` + // ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true) + ManagedNamespaceMetadata *ManagedNamespaceMetadata `json:"managedNamespaceMetadata,omitempty" protobuf:"bytes,4,opt,name=managedNamespaceMetadata"` } // IsZero returns true if the sync policy is empty diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index ef7b43bf4869d..379167df25754 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go 
@@ -1837,6 +1837,36 @@ func (in *ListGenerator) DeepCopy() *ListGenerator { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedNamespaceMetadata) DeepCopyInto(out *ManagedNamespaceMetadata) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedNamespaceMetadata. +func (in *ManagedNamespaceMetadata) DeepCopy() *ManagedNamespaceMetadata { + if in == nil { + return nil + } + out := new(ManagedNamespaceMetadata) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MatrixGenerator) DeepCopyInto(out *MatrixGenerator) { *out = *in @@ -3223,6 +3253,11 @@ func (in *SyncPolicy) DeepCopyInto(out *SyncPolicy) { *out = new(RetryStrategy) (*in).DeepCopyInto(*out) } + if in.ManagedNamespaceMetadata != nil { + in, out := &in.ManagedNamespaceMetadata, &out.ManagedNamespaceMetadata + *out = new(ManagedNamespaceMetadata) + (*in).DeepCopyInto(*out) + } return } diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 414b7679fd017..50319b5a331ca 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "math/rand" + "os" "path" "reflect" "strings" 
@@ -1816,12 +1817,12 @@ func TestNamespacedListResource(t *testing.T) { // Given application is set with --sync-option CreateNamespace=true // -// application --dest-namespace does not exist +// application --dest-namespace does not exist // -// Verity application --dest-namespace is created +// Verify application --dest-namespace is created // -// application sync successful -// when application is deleted, --dest-namespace is not deleted +// application sync successful +// when application is deleted, --dest-namespace is not deleted func TestNamespacedNamespaceAutoCreation(t *testing.T) { SkipOnEnv(t, "OPENSHIFT") updatedNamespace := getNewNamespace(t) @@ -1839,12 +1840,7 @@ func TestNamespacedNamespaceAutoCreation(t *testing.T) { When(). CreateApp("--sync-option", "CreateNamespace=true"). Then(). - And(func(app *Application) { - //Make sure the namespace we are about to update to does not exist - _, err := Run("", "kubectl", "get", "namespace", updatedNamespace) - assert.Error(t, err) - assert.Contains(t, err.Error(), "not found") - }). + Expect(NoNamespace(updatedNamespace)). When(). AppSet("--dest-namespace", updatedNamespace). Sync(). 
@@ -1866,6 +1862,302 @@ func TestNamespacedNamespaceAutoCreation(t *testing.T) { }) } +// Given application is set with --sync-option CreateNamespace=true +// +// application --dest-namespace does not exist +// +// Verify application --dest-namespace is created with managedNamespaceMetadata +func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { + SkipOnEnv(t, "OPENSHIFT") + updatedNamespace := getNewNamespace(t) + defer func() { + if !t.Skipped() { + _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace) + assert.NoError(t, err) + } + }() + ctx := Given(t) + ctx. + SetAppNamespace(AppNamespace()). + SetTrackingMethod("annotation"). + Timeout(30). + Path("guestbook"). + When(). + CreateFromFile(func(app *Application) { + app.Spec.SyncPolicy = &SyncPolicy{ + SyncOptions: SyncOptions{"CreateNamespace=true"}, + ManagedNamespaceMetadata: &ManagedNamespaceMetadata{ + Labels: map[string]string{"foo": "bar"}, + Annotations: map[string]string{"bar": "bat"}, + }} + }). + Then(). + Expect(NoNamespace(updatedNamespace)). + When(). + AppSet("--dest-namespace", updatedNamespace). + Sync(). + Then(). + Expect(Success("")). 
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ assert.Empty(t, app.Status.Conditions)
+
+ trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+
+ assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId)
+
+ assert.Equal(t, map[string]string{"foo": "bar"}, ns.Labels)
+ assert.Equal(t, map[string]string{"bar": "bat", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations)
+ assert.Equal(t, map[string]string{"foo": "bar"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels)
+ assert.Equal(t, map[string]string{"bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations)
+ })).
+ Expect(OperationPhaseIs(OperationSucceeded)).Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, health.HealthStatusHealthy)).
+ Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, health.HealthStatusHealthy)).
+ Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, SyncStatusCodeSynced)).
+ When().
+ And(func() {
+ FailOnErr(AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Patch(context.Background(),
+ ctx.GetName(), types.JSONPatchType, []byte(`[{ "op": "replace", "path": "/spec/syncPolicy/managedNamespaceMetadata/labels", "value": {"new":"label"} }]`), metav1.PatchOptions{}))
+ }).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+
+ assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId)
+
+ assert.Equal(t, map[string]string{"new": "label"}, ns.Labels)
+ assert.Equal(t, map[string]string{"bar": "bat", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations)
+ assert.Equal(t, map[string]string{"new": "label"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels)
+ assert.Equal(t, map[string]string{"bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations)
+ })).
+ When().
+ And(func() {
+ FailOnErr(AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Patch(context.Background(),
+ ctx.GetName(), types.JSONPatchType, []byte(`[{ "op": "replace", "path": "/spec/syncPolicy/managedNamespaceMetadata/annotations", "value": {"new":"custom-annotation"} }]`), metav1.PatchOptions{}))
+ }).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+
+ assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId)
+
+ assert.Equal(t, map[string]string{"new": "label"}, ns.Labels)
+ assert.Equal(t, map[string]string{"new": "custom-annotation", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations)
+ assert.Equal(t, map[string]string{"new": "label"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels)
+ assert.Equal(t, map[string]string{"new": "custom-annotation"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations)
+ }))
+}
+
+// Given application is set with --sync-option CreateNamespace=true
+//
+// application --dest-namespace does not exist
+//
+// Verify application namespace manifest takes precedence over managedNamespaceMetadata
+func TestNamespacedNamespaceAutoCreationWithMetadataAndNsManifest(t *testing.T) {
+ SkipOnEnv(t, "OPENSHIFT")
+ namespace := "guestbook-ui-with-namespace-manifest"
+ defer func() {
+ if !t.Skipped() {
+ _, err := Run("", "kubectl", "delete", "namespace", namespace)
+ assert.NoError(t, err)
+ }
+ }()
+
+ ctx := Given(t)
+ ctx.
+ SetAppNamespace(AppNamespace()).
+ SetTrackingMethod("annotation").
+ Timeout(30).
+ Path("guestbook-with-namespace-manifest").
+ When().
+ CreateFromFile(func(app *Application) {
+ app.Spec.SyncPolicy = &SyncPolicy{
+ SyncOptions: SyncOptions{"CreateNamespace=true"},
+ ManagedNamespaceMetadata: &ManagedNamespaceMetadata{
+ Labels: map[string]string{"foo": "bar", "abc": "123"},
+ Annotations: map[string]string{"bar": "bat"},
+ }}
+ }).
+ Then().
+ Expect(NoNamespace(namespace)).
+ When().
+ AppSet("--dest-namespace", namespace).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(namespace, func(app *Application, ns *v1.Namespace) {
+ //assert.NotEmpty(t, app.Status.Conditions)
+
+ //trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Labels, "kubectl.kubernetes.io/last-applied-configuration")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+
+ //assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s/%s", AppNamespace(), namespace, namespace), trackingId)
+
+ // The application namespace manifest takes precedence over what is in managedNamespaceMetadata
+ assert.Equal(t, map[string]string{"test": "true"}, ns.Labels)
+ assert.Equal(t, map[string]string{"foo": "bar", "something": "else"}, ns.Annotations)
+ })).
+ Expect(OperationPhaseIs(OperationSucceeded)).Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", namespace, health.HealthStatusHealthy)).
+ Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", namespace, health.HealthStatusHealthy)).
+ Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", namespace, SyncStatusCodeSynced))
+}
+
+// Given application is set with --sync-option CreateNamespace=true
+//
+// application --dest-namespace exists
+//
+// Verify application --dest-namespace is updated with managedNamespaceMetadata labels and annotations
+func TestNamespacedNamespaceAutoCreationWithPreexistingNs(t *testing.T) {
+ SkipOnEnv(t, "OPENSHIFT")
+ updatedNamespace := getNewNamespace(t)
+ defer func() {
+ if !t.Skipped() {
+ _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace)
+ assert.NoError(t, err)
+ }
+ }()
+
+ existingNs := `
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: %s
+ labels:
+ test: "true"
+ annotations:
+ something: "whatevs"
+`
+ s := fmt.Sprintf(existingNs, updatedNamespace)
+
+ tmpFile, err := os.CreateTemp("", "")
+ errors.CheckError(err)
+ _, err = tmpFile.Write([]byte(s))
+ errors.CheckError(err)
+
+ _, err = Run("", "kubectl", "apply", "-f", tmpFile.Name())
+ assert.NoError(t, err)
+
+ ctx := Given(t)
+ ctx.
+ SetAppNamespace(AppNamespace()).
+ SetTrackingMethod("annotation").
+ Timeout(30).
+ Path("guestbook").
+ When().
+ CreateFromFile(func(app *Application) {
+ app.Spec.SyncPolicy = &SyncPolicy{
+ SyncOptions: SyncOptions{"CreateNamespace=true"},
+ ManagedNamespaceMetadata: &ManagedNamespaceMetadata{
+ Labels: map[string]string{"foo": "bar"},
+ Annotations: map[string]string{"bar": "bat"},
+ }}
+ }).
+ Then().
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ assert.Empty(t, app.Status.Conditions)
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+
+ assert.Equal(t, map[string]string{"test": "true"}, ns.Labels)
+ assert.Equal(t, map[string]string{"something": "whatevs"}, ns.Annotations)
+ })).
+ When().
+ AppSet("--dest-namespace", updatedNamespace).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ assert.Empty(t, app.Status.Conditions)
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+
+ assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId)
+
+ assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels)
+ assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "something": "whatevs", "bar": "bat"}, ns.Annotations)
+ })).
+ When().
+ And(func() {
+ FailOnErr(AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Patch(context.Background(),
+ ctx.GetName(), types.JSONPatchType, []byte(`[{ "op": "add", "path": "/spec/syncPolicy/managedNamespaceMetadata/annotations/something", "value": "hmm" }]`), metav1.PatchOptions{}))
+ }).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) {
+ trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"]
+
+ assert.Empty(t, app.Status.Conditions)
+
+ delete(ns.Labels, "kubernetes.io/metadata.name")
+ delete(ns.Labels, "argocd.argoproj.io/tracking-id")
+ delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+ delete(ns.Annotations, "argocd.argoproj.io/tracking-id")
+
+ assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId)
+
+ assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels)
+ assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "something": "hmm", "bar": "bat"}, ns.Annotations)
+ assert.Equal(t, map[string]string{"something": "hmm", "bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations)
+ })).
+ When().
+ And(func() {
+ FailOnErr(AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Patch(context.Background(),
+ ctx.GetName(), types.JSONPatchType, []byte(`[{ "op": "remove", "path": "/spec/syncPolicy/managedNamespaceMetadata/annotations/something" }]`), metav1.PatchOptions{}))
+ }).
+ Sync().
+ Then().
+ Expect(Success("")).
+ Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { + trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] + + assert.Empty(t, app.Status.Conditions) + + delete(ns.Labels, "kubernetes.io/metadata.name") + delete(ns.Labels, "argocd.argoproj.io/tracking-id") + delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") + delete(ns.Annotations, "argocd.argoproj.io/tracking-id") + + assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) + + assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels) + assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "bar": "bat"}, ns.Annotations) + assert.Equal(t, map[string]string{"bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations) + })). + Expect(OperationPhaseIs(OperationSucceeded)).Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, health.HealthStatusHealthy)). + Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, health.HealthStatusHealthy)). + Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", updatedNamespace, SyncStatusCodeSynced)) +} + func TestNamespacedFailedSyncWithRetry(t *testing.T) { Given(t). SetAppNamespace(AppNamespace()). diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go index e06d2462461e7..14f978c84a402 100644 --- a/test/e2e/fixture/app/expectation.go +++ b/test/e2e/fixture/app/expectation.go 
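Review bot: In `TestNamespacedNamespaceAutoCreationWithPreexistingNs` the file returned by `os.CreateTemp("", "")` is never closed or removed, so every run leaves a manifest behind in the temp directory; add `defer os.Remove(tmpFile.Name())` right after the create and `errors.CheckError(tmpFile.Close())` before the `kubectl apply`. In `TestNamespacedNamespaceAutoCreationWithMetadataAndNsManifest` the conditions and tracking-id assertions are commented out with no explanation, so that test does not check that the namespace is tracked by the app; either restore them or replace them with a comment saying why they do not hold when the namespace comes from a manifest. All three new tests also chain `Expect(ResourceHealthWithNamespaceIs(...))` twice in a row with identical arguments, which looks like a copy-paste leftover and can be reduced to one call.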
@@ -87,6 +87,19 @@ func NoConditions() Expectation { } } +func Namespace(name string, block func(app *Application, ns *v1.Namespace)) Expectation { + return func(c *Consequences) (state, string) { + ns, err := namespace(name) + + if err != nil { + return failed, fmt.Sprintf("namespace not found %s", err.Error()) + } + + block(c.app(), ns) + return succeeded, fmt.Sprintf("namespace %s assertions passed", name) + } +} + func HealthIs(expected health.HealthStatusCode) Expectation { return func(c *Consequences) (state, string) { actual := c.app().Status.Health.Status @@ -218,6 +231,23 @@ func pods() (*v1.PodList, error) { return pods, err } +func NoNamespace(name string) Expectation { + return func(c *Consequences) (state, string) { + _, err := namespace(name) + + if err != nil { + return succeeded, "namespace not found" + } + + return failed, fmt.Sprintf("found namespace %s", name) + } +} + +func namespace(name string) (*v1.Namespace, error) { + fixture.KubeClientset.CoreV1() + return fixture.KubeClientset.CoreV1().Namespaces().Get(context.Background(), name, metav1.GetOptions{}) +} + func event(namespace string, reason string, message string) Expectation { return func(c *Consequences) (state, string) { list, err := fixture.KubeClientset.CoreV1().Events(namespace).List(context.Background(), metav1.ListOptions{ diff --git a/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-deployment.yaml b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-deployment.yaml new file mode 100644 index 0000000000000..bf3375672f70c --- /dev/null +++ b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-deployment.yaml 
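Review bot: `NoNamespace` in the second hunk reports success on any error from `namespace(name)`, so an API timeout or an RBAC denial is read as "the namespace does not exist"; the inline check it replaces in `TestNamespacedNamespaceAutoCreation` asserted that the error contained "not found". Succeed only for a not-found error, e.g. `if apierrors.IsNotFound(err) { return succeeded, "namespace not found" }` (from `k8s.io/apimachinery/pkg/api/errors`; whether the file already imports it is not visible here), and return `failed` with the error text otherwise. `Namespace` in the first hunk has the matching wording problem, printing "namespace not found" for every error, and neither exported helper has a doc comment. In `namespace()` the bare `fixture.KubeClientset.CoreV1()` statement discards its result and can be dropped.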
@@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: guestbook-ui + labels: + test: "true" +spec: + replicas: 0 + revisionHistoryLimit: 3 + selector: + matchLabels: + app: guestbook-ui + template: + metadata: + labels: + app: guestbook-ui + spec: + containers: + - image: quay.io/argoprojlabs/argocd-e2e-container:0.2 + imagePullPolicy: IfNotPresent + name: guestbook-ui + ports: + - containerPort: 80 diff --git a/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-namespace.yaml b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-namespace.yaml new file mode 100644 index 0000000000000..ceda849716ccb --- /dev/null +++ b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-namespace.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: guestbook-ui-with-namespace-manifest + labels: + test: "true" + annotations: + foo: bar + something: else diff --git a/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-svc.yaml b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-svc.yaml new file mode 100644 index 0000000000000..e8a4a27fbae40 --- /dev/null +++ b/test/e2e/testdata/guestbook-with-namespace-manifest/guestbook-ui-svc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: guestbook-ui +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: guestbook-ui diff --git a/test/e2e/testdata/guestbook-with-namespace-manifest/kustomization.yaml b/test/e2e/testdata/guestbook-with-namespace-manifest/kustomization.yaml new file mode 100644 index 0000000000000..2fc095b980adb --- /dev/null +++ b/test/e2e/testdata/guestbook-with-namespace-manifest/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ./guestbook-ui-namespace.yaml + - ./guestbook-ui-deployment.yaml + - ./guestbook-ui-svc.yaml From 826d59b296f84da74c38e4f56d747925d56f49f5 Mon Sep 17 00:00:00 2001 
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:02:25 -0400 Subject: [PATCH 025/304] docs: add Dockerfile example for plugin (#11130) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/user-guide/config-management-plugins.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index dc9a11e6a6f6a..1aaafadfb4fec 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md @@ -98,6 +98,11 @@ Argo CD expects the plugin configuration file to be located at `/home/argocd/cmp If you use a custom image for the sidecar, you can add the file directly to that image. +```dockerfile +WORKDIR /home/argocd/cmp-server/config/ +COPY plugin.yaml ./ +``` + If you use a stock image for the sidecar or would rather maintain the plugin configuration in a ConfigMap, just nest the plugin config file in a ConfigMap under the `plugin.yaml` key. From 44c415b2ed34247a13c5478355a529e4c4029cd8 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:03:25 -0400 Subject: [PATCH 026/304] docs: document metadata access for go-templated cluster generator (#10929) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/applicationset/GoTemplate.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/operator-manual/applicationset/GoTemplate.md b/docs/operator-manual/applicationset/GoTemplate.md index 6d441781eb802..8f677c1435570 100644 --- a/docs/operator-manual/applicationset/GoTemplate.md +++ b/docs/operator-manual/applicationset/GoTemplate.md 
@@ -74,6 +74,13 @@ All your templates must replace parameters with GoTemplate Syntax: Example: `{{ some.value }}` becomes `{{ .some.value }}` +### Cluster Generators + +By activating Go Templating, `{{ .metadata }}` becomes an object. + +- `{{ metadata.labels.my-label }}` becomes `{{ index .metadata.labels "my-label" }}` +- `{{ metadata.annotations.my/annotation }}` becomes `{{ index .metadata.annotations "my/annotation" }}` + ### Git Generators By activating Go Templating, `{{ .path }}` becomes an object. Therefore, some changes must be made to the Git From 74e2972a48e50151e79838f3401b5ef11c782250 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 4 Nov 2022 10:10:53 -0400 Subject: [PATCH 027/304] docs: debugging CMPs (#11142) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/user-guide/config-management-plugins.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index 1aaafadfb4fec..ba115fdab6b63 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md 
@@ -241,12 +241,24 @@ If you don't need to set any environment variables, you can set an empty plugin Each CMP command will also independently timeout on the `ARGOCD_EXEC_TIMEOUT` set for the CMP sidecar. The default is 90s. So if you increase the repo server timeout greater than 90s, be sure to set `ARGOCD_EXEC_TIMEOUT` on the sidecar. - + !!! note Each Application can only have one config management plugin configured at a time. If you're converting an existing plugin configured through the `argocd-cm` ConfigMap to a sidecar, make sure the discovery mechanism only returns true for Applications that have had their `name` field in the `plugin` section of their spec removed. +## Debugging a CMP + +If you are actively developing a sidecar-installed CMP, keep a few things in mind: + +1) If you are mounting plugin.yaml from a ConfigMap, you will have to restart the repo-server Pod so the plugin will + pick up the changes. +2) If you have baked plugin.yaml into your image, you will have to build, push, and force a re-pull of that image on the + repo-server Pod so the plugin will pick up the changes. If you are using `:latest`, the Pod will always pull the new + image. If you're using a different, static tag, set `imagePullPolicy: Always` on the CMP's sidecar container. +3) CMP errors are cached by the repo-server in Redis. Restarting the repo-server Pod will not clear the cache. Always + do a "Hard Refresh" when actively developing a CMP so you have the latest output. + ## Plugin tar stream exclusions In order to increase the speed of manifest generation, certain files and folders can be excluded from being sent to your From e25059d0a4fb562afc94ccf3a576b0ec8a805801 Mon Sep 17 00:00:00 2001 From: Abhishek Veeramalla Date: Fri, 4 Nov 2022 22:27:35 +0530 Subject: [PATCH 028/304] feat: Add new admin command to print Argo CD initial password (11117) (#11155) * feat: Add new admin command to print Argo CD initial password (11117) Signed-off-by: iam-veeramalla * fix failing CI 
Signed-off-by: iam-veeramalla * fix failing CI Signed-off-by: iam-veeramalla * fix failing CI Signed-off-by: iam-veeramalla * fix failing CI Signed-off-by: iam-veeramalla * fix failing CI Signed-off-by: iam-veeramalla * Update docs/getting_started.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update cmd/argocd/commands/admin/initial_password.go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/user-guide/commands/argocd_admin_initial-password.md Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: iam-veeramalla Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- cmd/argocd/commands/admin/admin.go | 1 + cmd/argocd/commands/admin/initial_password.go | 46 +++++++++++++++ docs/getting_started.md | 4 +- docs/user-guide/commands/argocd_admin.md | 1 + .../commands/argocd_admin_initial-password.md | 59 +++++++++++++++++++ 5 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 cmd/argocd/commands/admin/initial_password.go create mode 100644 docs/user-guide/commands/argocd_admin_initial-password.md diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index d7d27c0c62d7f..90bbe7e65241e 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -56,6 +56,7 @@ func NewAdminCommand() *cobra.Command { command.AddCommand(NewExportCommand()) command.AddCommand(NewDashboardCommand()) command.AddCommand(NewNotificationsCommand()) + command.AddCommand(NewInitialPasswordCommand()) command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") 
diff --git a/cmd/argocd/commands/admin/initial_password.go b/cmd/argocd/commands/admin/initial_password.go
new file mode 100644
index 0000000000000..a130ee875ae60
--- /dev/null
+++ b/cmd/argocd/commands/admin/initial_password.go
@@ -0,0 +1,46 @@
+package admin
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/spf13/cobra"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/tools/clientcmd"
+
+ "github.com/argoproj/argo-cd/v2/util/cli"
+ "github.com/argoproj/argo-cd/v2/util/errors"
+)
+
+const initialPasswordSecretName = "argocd-initial-admin-secret"
+
+// NewInitialPasswordCommand defines a new command to retrieve Argo CD initial password.
+func NewInitialPasswordCommand() *cobra.Command {
+ var (
+ clientConfig clientcmd.ClientConfig
+ )
+ var command = cobra.Command{
+ Use: "initial-password",
+ Short: "Prints initial password to log in to Argo CD for the first time",
+ Run: func(c *cobra.Command, args []string) {
+
+ config, err := clientConfig.ClientConfig()
+ errors.CheckError(err)
+ namespace, _, err := clientConfig.Namespace()
+ errors.CheckError(err)
+
+ kubeClientset := kubernetes.NewForConfigOrDie(config)
+ secret, err := kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), initialPasswordSecretName, v1.GetOptions{})
+ errors.CheckError(err)
+
+ if initialPass, ok := secret.Data["password"]; ok {
+ fmt.Println(string(initialPass))
+ fmt.Println("\n This password must be only used for first time login. We strongly recommend you update the password using `argocd account update-password`.")
+ }
+ },
+ }
+ clientConfig = cli.AddKubectlFlagsToCmd(&command)
+
+ return &command
+}
diff --git a/docs/getting_started.md b/docs/getting_started.md
index 585fa2f6eeb47..f931bb49494fa 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
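Review bot: In `NewInitialPasswordCommand` the `Run` function prints nothing and exits 0 when the secret has no `password` key, and it writes the advisory sentence to stdout right after the password, so `$(argocd admin initial-password)` captures more than the credential. Send the advisory to stderr with `fmt.Fprintln(os.Stderr, ...)` (needs the `os` import) and add an `else` that reports the missing key through the existing error path, e.g. `errors.CheckError(fmt.Errorf("secret %q has no password field", initialPasswordSecretName))`. `kubernetes.NewForConfigOrDie` panics on a bad config where the neighbouring calls use `errors.CheckError`; `kubernetes.NewForConfig` followed by `errors.CheckError(err)` would be consistent. The doc comment could also state that the command needs read access to Secrets in the target namespace and prints the credential in clear text, which helps operators decide where it is appropriate to run it.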
@@ -78,10 +78,10 @@ The API server can then be accessed using https://localhost:8080 The initial password for the `admin` account is auto-generated and stored as clear text in the field `password` in a secret named `argocd-initial-admin-secret` in your Argo CD installation namespace. You can simply retrieve this password -using `kubectl`: +using the `argocd` CLI: ```bash -kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo +argocd admin initial-password ``` !!! warning diff --git a/docs/user-guide/commands/argocd_admin.md b/docs/user-guide/commands/argocd_admin.md index 4d387884b7f54..a6d28e084d18a 100644 --- a/docs/user-guide/commands/argocd_admin.md +++ b/docs/user-guide/commands/argocd_admin.md @@ -43,6 +43,7 @@ argocd admin [flags] * [argocd admin dashboard](argocd_admin_dashboard.md) - Starts Argo CD Web UI locally * [argocd admin export](argocd_admin_export.md) - Export all Argo CD data to stdout (default) or a file * [argocd admin import](argocd_admin_import.md) - Import Argo CD data from stdin (specify `-') or a file +* [argocd admin initial-password](argocd_admin_initial-password.md) - Prints initial password to log in to Argo CD for the first time * [argocd admin notifications](argocd_admin_notifications.md) - Set of CLI commands that helps manage notifications settings * [argocd admin proj](argocd_admin_proj.md) - Manage projects configuration * [argocd admin repo](argocd_admin_repo.md) - Manage repositories configuration diff --git a/docs/user-guide/commands/argocd_admin_initial-password.md b/docs/user-guide/commands/argocd_admin_initial-password.md new file mode 100644 index 0000000000000..4f938f5f9ce02 --- /dev/null +++ b/docs/user-guide/commands/argocd_admin_initial-password.md 
@@ -0,0 +1,59 @@ +## argocd admin initial-password + +Prints initial password to log in to Argo CD for the first time + +``` +argocd admin initial-password [flags] +``` + +### Options + +``` + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + -h, --help help for initial-password + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. 
+ --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server +``` + +### Options inherited from parent commands + +``` + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --server string Argo CD server address + --server-crt string Server certificate file +``` + +### SEE ALSO + +* [argocd admin](argocd_admin.md) - Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access + From dd5158c0f1ce5a335f44dd0b16461c3a0c3ea4cb Mon Sep 17 00:00:00 2001 
From: Chris Lewis Date: Fri, 4 Nov 2022 18:21:27 -0600 Subject: [PATCH 029/304] docs: Add Contributor's Quickstart Page (#11108) * First Draft * Update docs/contributors_quickstart.md Co-authored-by: ChanJong Na Signed-off-by: ctlewis * Update docs/contributors_quickstart.md Co-authored-by: Dan Garfield Signed-off-by: ctlewis * Update docs/contributors_quickstart.md Co-authored-by: Moshe Shitrit Signed-off-by: ctlewis * Update docs/contributors_quickstart.md Co-authored-by: Jason Poley Signed-off-by: ctlewis * Update docs/contributors_quickstart.md Co-authored-by: Moshe Shitrit Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/contributors_quickstart.md Co-authored-by: Garima Negi Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tweaks Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * undo temporary change Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Add sign off Signed-off-by: Chris Lewis * Update docs/developer-guide/contributors-quickstart.md Co-authored-by: Angela Wilson <84730053+awilson-payit@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update docs/developer-guide/contributors-quickstart.md Co-authored-by: Andre Marcelo-Tanner Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: ctlewis Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Chris Lewis Co-authored-by: Chris Lewis Co-authored-by: ChanJong Na Co-authored-by: Dan Garfield Co-authored-by: Moshe Shitrit Co-authored-by: Jason Poley Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Garima Negi Co-authored-by: Angela Wilson <84730053+awilson-payit@users.noreply.github.com> Co-authored-by: Andre Marcelo-Tanner 
Signed-off-by: emirot --- .../contributors-quickstart.md | 112 ++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 113 insertions(+) create mode 100644 docs/developer-guide/contributors-quickstart.md diff --git a/docs/developer-guide/contributors-quickstart.md b/docs/developer-guide/contributors-quickstart.md new file mode 100644 index 0000000000000..821fc36f3eabd --- /dev/null +++ b/docs/developer-guide/contributors-quickstart.md 
@@ -0,0 +1,112 @@ +# Contributors Quick-Start + +This guide is a starting point for first-time contributors running Argo CD locally for the first time. + +It skips advanced topics such as codegen, which are covered in the [running locally guide](running-locally.md) +and the [toolchain guide](toolchain-guide.md). + +## Getting Started + +### Install Go + +- Install version 1.18 or newer (Verify version by running `go version`) + +- Get current value of `GOPATH` env: + ```shell + go env | grep path + ``` +- Change directory into that path + ```shell + cd + ``` + +### Clone the Argo CD repo + +```shell +mkdir -p src/github.com/argoproj/ && +cd src/github.com/argoproj && +git clone https://github.com/argoproj/argo-cd.git +``` + +### Install Docker + + + +### Install or Upgrade `kind` (Optional - Should work with any local cluster) + + + +### Start Your Local Cluster + +```shell +kind create cluster +``` + +### Install Argo CD + +```shell +kubectl create namespace argocd && +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml +``` + +Set kubectl config to avoid specifying the namespace in every kubectl command. +All following commands in this guide assume the namespace is already set. + +```shell +kubectl config set-context --current --namespace=argocd +``` + +### Install `yarn` + + + +### Install `goreman` + + + +### Run Argo CD + +```shell +cd argo-cd +make start-local ARGOCD_GPG_ENABLED=false +``` + +- Navigate to to the ArgoCD UI on browser +- It may take a few minutes for the UI to be responsive + +!!! note + If the UI is not working, check the logs from `make start-local`. The logs are `DEBUG` level by default. If the logs are + too noisy to find the problem, try editing log levels for the commands in the `Procfile` in the root of the Argo CD repo. + +## Making Changes + +### UI Changes + +Modifying the User-Interface (by editing .tsx or .scss files) auto-reloads the changes on port 4000. 
+ +### Backend Changes + +Modifying the API server, repo server, or a controller requires restarting the current `make start-local` session to reflect the changes. + +### CLI Changes + +Modifying the CLI requires restarting the current `make start-local` session to reflect the changes. + +To test most CLI commands, you will need to log in. + +First, get the auto-generated secret: + +```shell +kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo +``` + +Then log in using that password and username `admin`: + +```shell +dist/argocd login localhost:8080 +``` + +--- +Congrats on making it to the end of this runbook! 🚀 + +For more on Argo CD, find us in Slack - [#argo-contributors](https://cloud-native.slack.com/archives/C020XM04CUW) diff --git a/mkdocs.yml b/mkdocs.yml index 35116f848eb77..053fa6370e07e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -158,6 +158,7 @@ nav: - developer-guide/index.md - Code Contribution Guide: developer-guide/code-contributions.md - Toolchain Guide: developer-guide/toolchain-guide.md + - developer-guide/contributors-quickstart.md - developer-guide/release-process-and-cadence.md - developer-guide/running-locally.md - developer-guide/debugging-remote-environment.md From 412282b3531a06358445e5eb64d1ed3257f36f01 Mon Sep 17 00:00:00 2001 From: d3adb5 Date: Mon, 7 Nov 2022 09:47:25 -0300 Subject: [PATCH 030/304] chore: add Objective to USERS.md (#11202) Signed-off-by: d3adb5 Signed-off-by: d3adb5 Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 644494d5b46cd..c017a16020359 100644 --- a/USERS.md +++ b/USERS.md 
@@ -144,6 +144,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Nextdoor](https://nextdoor.com/) 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/) 1. [Nitro](https://gonitro.com) +1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) 1. [omegaUp](https://omegaUp.com) From 2f8cd984c56b8e03081c28ae1b8353b4c27d4e50 Mon Sep 17 00:00:00 2001 From: Nolan Emirot Date: Mon, 7 Nov 2022 04:52:46 -0800 Subject: [PATCH 031/304] docs: fix typo in declarative-setup.md (#11190) * fix: typo Signed-off-by: emirot * chore: fix typo Signed-off-by: emirot Signed-off-by: emirot --- docs/operator-manual/declarative-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 6e339f58d8062..e2ac17f6dd3dc 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -178,7 +178,7 @@ Consider using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sea Each repository must have a `url` field and, depending on whether you connect using HTTPS, SSH, or GitHub App, `username` and `password` (for HTTPS), `sshPrivateKey` (for SSH), or `githubAppPrivateKey` (for GitHub App). !!!warning - When using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) the labels will be removed and have to be readded as descibed here: https://github.com/bitnami-labs/sealed-secrets#sealedsecrets-as-templates-for-secrets + When using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) the labels will be removed and have to be readded as described here: https://github.com/bitnami-labs/sealed-secrets#sealedsecrets-as-templates-for-secrets Example for HTTPS: From 612d97dfe77de5268a0f7413694c46570749de9d Mon Sep 17 00:00:00 2001 
From: my-git9 Date: Mon, 7 Nov 2022 20:54:44 +0800 Subject: [PATCH 032/304] chore: beta.kubernetes.io/arch has been deprecated in 1.14 (#11016) Signed-off-by: xin.li Signed-off-by: xin.li Signed-off-by: emirot --- util/helm/testdata/redis/README.md | 2 +- util/helm/testdata/redis/values-production.yaml | 6 +++--- util/helm/testdata/redis/values.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/util/helm/testdata/redis/README.md b/util/helm/testdata/redis/README.md index 8338b6f96b14d..a17fb83b2e619 100644 --- a/util/helm/testdata/redis/README.md +++ b/util/helm/testdata/redis/README.md @@ -94,7 +94,7 @@ The following table lists the configurable parameters of the Redis chart and the | `master.args` | Redis master command-line args | [] | | `master.disableCommands` | Comma-separated list of Redis commands to disable (master) | `FLUSHDB,FLUSHALL` | | `master.extraFlags` | Redis master additional command line flags | [] | -| `master.nodeSelector` | Redis master Node labels for pod assignment | {"beta.kubernetes.io/arch": "amd64"} | +| `master.nodeSelector` | Redis master Node labels for pod assignment | {"kubernetes.io/arch": "amd64"} | | `master.tolerations` | Toleration labels for Redis master pod assignment | [] | | `master.affinity ` | Affinity settings for Redis master pod assignment | [] | | `master.schedulerName` | Name of an alternate scheduler | `nil` | diff --git a/util/helm/testdata/redis/values-production.yaml b/util/helm/testdata/redis/values-production.yaml index 49a09b81dcad4..07a108153380c 100644 --- a/util/helm/testdata/redis/values-production.yaml +++ b/util/helm/testdata/redis/values-production.yaml @@ -41,7 +41,7 @@ metrics: # pullSecrets: # - myRegistrKeySecretName ## Metrics exporter labels and tolerations for pod assignment - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Metrics exporter pod Annotation and Labels # podLabels: {} 
@@ -128,7 +128,7 @@ master: ## Redis Master Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Redis Master pod annotations podAnnotations: {} @@ -243,7 +243,7 @@ slave: # cpu: 100m ## Redis slave labels and tolerations for pod assignment - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Redis slave pod Annotation and Labels diff --git a/util/helm/testdata/redis/values.yaml b/util/helm/testdata/redis/values.yaml index 7e0b44c83165b..9ec7bce636ad1 100644 --- a/util/helm/testdata/redis/values.yaml +++ b/util/helm/testdata/redis/values.yaml @@ -46,7 +46,7 @@ metrics: # - myRegistrKeySecretName ## Metrics exporter labels and tolerations for pod assignment - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Metrics exporter pod Annotation and Labels @@ -170,7 +170,7 @@ master: ## Redis Master Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Redis Master pod/node affinity/anti-affinity affinity: {} @@ -286,7 +286,7 @@ slave: # cpu: 100m ## Redis slave labels and tolerations for pod assignment - # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # nodeSelector: {"kubernetes.io/arch": "amd64"} # tolerations: [] ## Use an alternate scheduler, e.g. "stork". 
From 07445b6869669643ba03a857012ca5bb8f2fba8e Mon Sep 17 00:00:00 2001 From: Lukas Grossar Date: Mon, 7 Nov 2022 13:55:32 +0100 Subject: [PATCH 033/304] docs(user-guide): update link to Helm hooks documentation (#11045) Signed-off-by: Lukas Grossar Signed-off-by: Lukas Grossar Signed-off-by: emirot --- docs/user-guide/helm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index 0f5935e48babf..b75cebc43078f 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -128,7 +128,7 @@ Unsupported hooks are ignored. In Argo CD, hooks are created by using `kubectl a * Annotate `pre-install` and `post-install` with `hook-weight: "-1"`. This will make sure it runs to success before any upgrade hooks. * Annotate `pre-upgrade` and `post-upgrade` with `hook-delete-policy: before-hook-creation` to make sure it runs on every sync. -Read more about [Argo hooks](resource_hooks.md) and [Helm hooks](https://github.com/helm/helm/blob/dev-v2/docs/charts_hooks.md). +Read more about [Argo hooks](resource_hooks.md) and [Helm hooks](https://helm.sh/docs/topics/charts_hooks/). ## Random Data From 832d736a686aaf4041abfc5809c50596f655c1ed Mon Sep 17 00:00:00 2001 From: Roee Landesman <100310202+roee-landesman@users.noreply.github.com> Date: Mon, 7 Nov 2022 04:57:51 -0800 Subject: [PATCH 034/304] chore: Add Envoy to Users list (#11169) Signed-off-by: Roee Landesman Signed-off-by: Roee Landesman Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index c017a16020359..5971da34fbdac 100644 --- a/USERS.md +++ b/USERS.md @@ -67,6 +67,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [END.](https://www.endclothing.com/) 1. [Energisme](https://energisme.com/) 1. [enigmo](https://enigmo.co.jp/) +1. [Envoy](https://envoy.com/) 1. [Faro](https://www.faro.com/) 1. [Fave](https://myfave.com) 1. [Flip](https://flip.id) 
From 49d36db1c105bacbc3a5097ea9ddeb7469910ce7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 13:50:24 -0500 Subject: [PATCH 035/304] [Bot] Update Snyk reports (#11205) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI Signed-off-by: emirot --- docs/snyk/index.md | 8 +- docs/snyk/master/argocd-iac-install.html | 54 +-- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 310 +++++++++++++++++- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.3.11/argocd-iac-install.html | 2 +- .../v2.3.11/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.11/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 3 +- .../quay.io_argoproj_argocd_v2.3.11.html | 310 +++++++++++++++++- docs/snyk/v2.3.11/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.4.16/argocd-iac-install.html | 2 +- .../v2.4.16/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.4.16/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.16.html | 310 +++++++++++++++++- docs/snyk/v2.4.16/redis_7.0.4-alpine.html | 2 +- docs/snyk/v2.5.1/argocd-iac-install.html | 2 +- .../v2.5.1/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.1/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.1.html | 310 +++++++++++++++++- docs/snyk/v2.5.1/redis_7.0.5-alpine.html | 2 +- 30 files changed, 1280 insertions(+), 71 deletions(-) 
diff --git a/docs/snyk/index.md b/docs/snyk/index.md index ca1840a1f8e28..c44697e6dd7d8 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -17,7 +17,7 @@ recent minor releases. | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 12 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 12 | | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | @@ -30,7 +30,7 @@ recent minor releases. | [ui/yarn.lock](v2.5.1/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](v2.5.1/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.1](v2.5.1/quay.io_argoproj_argocd_v2.5.1.html) | 0 | 0 | 1 | 12 | +| [argocd:v2.5.1](v2.5.1/quay.io_argoproj_argocd_v2.5.1.html) | 0 | 0 | 4 | 12 | | [redis:7.0.5-alpine](v2.5.1/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.5.1/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.5.1/argocd-iac-namespace-install.html) | - | - | - | - | 
@@ -43,7 +43,7 @@ recent minor releases. | [ui/yarn.lock](v2.4.16/argocd-test.html) | 0 | 0 | 3 | 0 | | [dex:v2.35.3-distroless](v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.4.16/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.16](v2.4.16/quay.io_argoproj_argocd_v2.4.16.html) | 0 | 0 | 1 | 12 | +| [argocd:v2.4.16](v2.4.16/quay.io_argoproj_argocd_v2.4.16.html) | 0 | 0 | 4 | 12 | | [redis:7.0.4-alpine](v2.4.16/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.4.16/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.4.16/argocd-iac-namespace-install.html) | - | - | - | - | @@ -57,7 +57,7 @@ recent minor releases. | [dex:v2.35.3-distroless](v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.3.11/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | | [argocd-applicationset:v0.4.1](v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 | -| [argocd:v2.3.11](v2.3.11/quay.io_argoproj_argocd_v2.3.11.html) | 0 | 0 | 1 | 12 | +| [argocd:v2.3.11](v2.3.11/quay.io_argoproj_argocd_v2.3.11.html) | 0 | 0 | 4 | 12 | | [redis:6.2.7-alpine](v2.3.11/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.3.11/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.3.11/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 317abc7e73f45..8043933e133dd 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      November 2nd 2022, 12:48:46 pm

      +

      November 6th 2022, 12:20:07 am

      Scanned the following path: @@ -783,7 +783,7 @@

      Container could be running with outdated image

    • - Line number: 10481 + Line number: 10725
    @@ -841,7 +841,7 @@

    Container has no CPU limit

  • - Line number: 9950 + Line number: 10194
  • @@ -899,7 +899,7 @@

    Container has no CPU limit

  • - Line number: 10117 + Line number: 10361
  • @@ -957,7 +957,7 @@

    Container has no CPU limit

  • - Line number: 10083 + Line number: 10327
  • @@ -1015,7 +1015,7 @@

    Container has no CPU limit

  • - Line number: 10173 + Line number: 10417
  • @@ -1073,7 +1073,7 @@

    Container has no CPU limit

  • - Line number: 10247 + Line number: 10491
  • @@ -1131,7 +1131,7 @@

    Container has no CPU limit

  • - Line number: 10481 + Line number: 10725
  • @@ -1189,7 +1189,7 @@

    Container has no CPU limit

  • - Line number: 10303 + Line number: 10547
  • @@ -1247,7 +1247,7 @@

    Container has no CPU limit

  • - Line number: 10566 + Line number: 10810
  • @@ -1305,7 +1305,7 @@

    Container has no CPU limit

  • - Line number: 10864 + Line number: 11108
  • @@ -1357,7 +1357,7 @@

    Container is running with multiple open ports

  • - Line number: 10097 + Line number: 10341
  • @@ -1413,7 +1413,7 @@

    Container is running with writable root filesystem

  • - Line number: 10257 + Line number: 10501
  • @@ -1465,7 +1465,7 @@

    Container is running without liveness probe

  • - Line number: 9950 + Line number: 10194
  • @@ -1517,7 +1517,7 @@

    Container is running without liveness probe

  • - Line number: 10083 + Line number: 10327
  • @@ -1569,7 +1569,7 @@

    Container is running without liveness probe

  • - Line number: 10117 + Line number: 10361
  • @@ -1621,7 +1621,7 @@

    Container is running without liveness probe

  • - Line number: 10247 + Line number: 10491
  • @@ -1673,7 +1673,7 @@

    Container is running without liveness probe

  • - Line number: 10481 + Line number: 10725
  • @@ -1731,7 +1731,7 @@

    Container is running without memory limit

  • - Line number: 9950 + Line number: 10194
  • @@ -1789,7 +1789,7 @@

    Container is running without memory limit

  • - Line number: 10083 + Line number: 10327
  • @@ -1847,7 +1847,7 @@

    Container is running without memory limit

  • - Line number: 10117 + Line number: 10361
  • @@ -1905,7 +1905,7 @@

    Container is running without memory limit

  • - Line number: 10173 + Line number: 10417
  • @@ -1963,7 +1963,7 @@

    Container is running without memory limit

  • - Line number: 10247 + Line number: 10491
  • @@ -2021,7 +2021,7 @@

    Container is running without memory limit

  • - Line number: 10481 + Line number: 10725
  • @@ -2079,7 +2079,7 @@

    Container is running without memory limit

  • - Line number: 10303 + Line number: 10547
  • @@ -2137,7 +2137,7 @@

    Container is running without memory limit

  • - Line number: 10566 + Line number: 10810
  • @@ -2195,7 +2195,7 @@

    Container is running without memory limit

  • - Line number: 10864 + Line number: 11108
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 0b6f6efa2e8c6..0e165bfbce413 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:48:55 pm

    +

    November 6th 2022, 12:20:18 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 7f8eec366bf77..7c660cdef27f4 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:47:09 pm

    +

    November 6th 2022, 12:18:17 am

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 51f73536cfb41..3a26adef3501b 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:47:21 pm

    +

    November 6th 2022, 12:18:28 am

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index 2425fe25e0451..81eb578252c69 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:47:29 pm

    +

    November 6th 2022, 12:18:33 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 0ef16f4c5413b..becab4fa5848e 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:47:47 pm

    +

    November 6th 2022, 12:18:55 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    75 vulnerable dependency paths
    +
    16 known vulnerabilities
    +
    87 vulnerable dependency paths
    162 dependencies
    @@ -485,6 +485,244 @@

    Snyk test report

    +
    +

    CVE-2022-42800

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + zlib/zlib1g +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + meta-common-packages@meta + + zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream zlib package.

    +

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 zlib.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3821

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + systemd/libsystemd0 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.6 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + procps/libprocps8@2:3.3.17-6ubuntu2 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + + + +

    Improper Validation of Array Index

    @@ -557,6 +795,70 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-3715

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index b83ae218b2643..c72a9561a361b 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:47:53 pm

    +

    November 6th 2022, 12:19:00 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-install.html b/docs/snyk/v2.3.11/argocd-iac-install.html index 829952797459c..2e3cb1be8f46e 100644 --- a/docs/snyk/v2.3.11/argocd-iac-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:54:19 pm

    +

    November 6th 2022, 12:26:48 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html index a005e2998c7b3..ea523157b8032 100644 --- a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:54:51 pm

    +

    November 6th 2022, 12:27:28 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-test.html b/docs/snyk/v2.3.11/argocd-test.html index e762adb83a412..ecfc60402a6b7 100644 --- a/docs/snyk/v2.3.11/argocd-test.html +++ b/docs/snyk/v2.3.11/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:52:41 pm

    +

    November 6th 2022, 12:24:52 am

    Scanned the following paths: diff --git a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 960a45ac9e069..2940998c38028 100644 --- a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:52:45 pm

    +

    November 6th 2022, 12:24:56 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html index 6c0d1f0ae6944..91c38b62b2dd7 100644 --- a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:52:48 pm

    +

    November 6th 2022, 12:24:59 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html index fc107d5cfdf9f..e8bde259b8056 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:53:01 pm

    +

    November 6th 2022, 12:25:13 am

    Scanned the following path: @@ -3198,6 +3198,7 @@

    References

  • MISC
  • MISC
  • MLIST
  • +
  • CONFIRM

  • diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html index 03884f3a02922..9bb4fe050926a 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:53:26 pm

    +

    November 6th 2022, 12:25:43 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    75 vulnerable dependency paths
    +
    16 known vulnerabilities
    +
    87 vulnerable dependency paths
    162 dependencies
    @@ -485,6 +485,244 @@

    Snyk test report

    +
    +

    CVE-2022-42800

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + zlib/zlib1g +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.11, meta-common-packages@meta and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + meta-common-packages@meta + + zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream zlib package.

    +

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 zlib.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3821

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + systemd/libsystemd0 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.3.11 and systemd/libsystemd0@249.11-0ubuntu3.6 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + apt@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + procps/libprocps8@2:3.3.17-6ubuntu2 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + + + +

    Improper Validation of Array Index

    @@ -557,6 +795,70 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-3715

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.3.11 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html index bbb2aa62c33da..ba2dcc31c831b 100644 --- a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:53:31 pm

    +

    November 6th 2022, 12:25:47 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.16/argocd-iac-install.html b/docs/snyk/v2.4.16/argocd-iac-install.html index cd4e6b81468f5..37b128e3b068b 100644 --- a/docs/snyk/v2.4.16/argocd-iac-install.html +++ b/docs/snyk/v2.4.16/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:52:20 pm

    +

    November 6th 2022, 12:24:24 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.16/argocd-iac-namespace-install.html b/docs/snyk/v2.4.16/argocd-iac-namespace-install.html index 803d15719077b..95229268ee08f 100644 --- a/docs/snyk/v2.4.16/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.16/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:52:28 pm

    +

    November 6th 2022, 12:24:34 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.16/argocd-test.html b/docs/snyk/v2.4.16/argocd-test.html index a528b50bb9deb..934c38d07a60c 100644 --- a/docs/snyk/v2.4.16/argocd-test.html +++ b/docs/snyk/v2.4.16/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:50:53 pm

    +

    November 6th 2022, 12:22:48 am

    Scanned the following paths: diff --git a/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 379ce74d44bc8..bf224bc4d5e70 100644 --- a/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:50:59 pm

    +

    November 6th 2022, 12:22:54 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html index 0c23ea585178e..f5137599377b6 100644 --- a/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.4.16/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:51:06 pm

    +

    November 6th 2022, 12:23:00 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html b/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html index a9e26d1130e9a..6dda470cf92bf 100644 --- a/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html +++ b/docs/snyk/v2.4.16/quay.io_argoproj_argocd_v2.4.16.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:51:26 pm

    +

    November 6th 2022, 12:23:19 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    75 vulnerable dependency paths
    +
    16 known vulnerabilities
    +
    87 vulnerable dependency paths
    162 dependencies
    @@ -485,6 +485,244 @@

    Snyk test report

    +
    +

    CVE-2022-42800

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + zlib/zlib1g +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.16, meta-common-packages@meta and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + meta-common-packages@meta + + zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream zlib package.

    +

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 zlib.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3821

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + systemd/libsystemd0 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.4.16 and systemd/libsystemd0@249.11-0ubuntu3.6 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + apt@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + procps/libprocps8@2:3.3.17-6ubuntu2 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + + + +

    Improper Validation of Array Index

    @@ -557,6 +795,70 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-3715

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.4.16 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.16 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.4.16/redis_7.0.4-alpine.html b/docs/snyk/v2.4.16/redis_7.0.4-alpine.html index cdc07d3b5ec4d..033744c05f2cf 100644 --- a/docs/snyk/v2.4.16/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.16/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:51:32 pm

    +

    November 6th 2022, 12:23:24 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.1/argocd-iac-install.html b/docs/snyk/v2.5.1/argocd-iac-install.html index 6128687cfff2e..13ef9625f8e5d 100644 --- a/docs/snyk/v2.5.1/argocd-iac-install.html +++ b/docs/snyk/v2.5.1/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:50:27 pm

    +

    November 6th 2022, 12:22:16 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.1/argocd-iac-namespace-install.html b/docs/snyk/v2.5.1/argocd-iac-namespace-install.html index 9a02ac042678b..dd5fc67961b12 100644 --- a/docs/snyk/v2.5.1/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.1/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:50:35 pm

    +

    November 6th 2022, 12:22:27 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.1/argocd-test.html b/docs/snyk/v2.5.1/argocd-test.html index e79d58a27efa5..78768bd205fe0 100644 --- a/docs/snyk/v2.5.1/argocd-test.html +++ b/docs/snyk/v2.5.1/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:49:09 pm

    +

    November 6th 2022, 12:20:31 am

    Scanned the following paths: diff --git a/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html index cfdb189ab5b63..8156e01398975 100644 --- a/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:49:13 pm

    +

    November 6th 2022, 12:20:35 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html index 8a58b5bf6f025..f2a4e73abc423 100644 --- a/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.1/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:49:15 pm

    +

    November 6th 2022, 12:20:38 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html b/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html index 0a2e402b354e5..8e4dc8f6cfa9d 100644 --- a/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html +++ b/docs/snyk/v2.5.1/quay.io_argoproj_argocd_v2.5.1.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:49:32 pm

    +

    November 6th 2022, 12:21:08 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    75 vulnerable dependency paths
    +
    16 known vulnerabilities
    +
    87 vulnerable dependency paths
    162 dependencies
    @@ -485,6 +485,244 @@

    Snyk test report

    +
    +

    CVE-2022-42800

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + zlib/zlib1g +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.1, meta-common-packages@meta and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + meta-common-packages@meta + + zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream zlib package.

    +

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 zlib.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3821

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + systemd/libsystemd0 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.1 and systemd/libsystemd0@249.11-0ubuntu3.6 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + apt@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + procps/libprocps8@2:3.3.17-6ubuntu2 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + + + +

    Improper Validation of Array Index

    @@ -557,6 +795,70 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-3715

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.1 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.1 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + +

    Time-of-check Time-of-use (TOCTOU)

    diff --git a/docs/snyk/v2.5.1/redis_7.0.5-alpine.html b/docs/snyk/v2.5.1/redis_7.0.5-alpine.html index 0da064e1918e1..939e7dd6fa071 100644 --- a/docs/snyk/v2.5.1/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.1/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 2nd 2022, 12:49:35 pm

    +

    November 6th 2022, 12:21:11 am

    Scanned the following path: From 99cba7cf6bbb5dc7773a90f7a39d3f20a35c6bf8 Mon Sep 17 00:00:00 2001 From: reggie-k Date: Tue, 8 Nov 2022 15:42:08 +0200 Subject: [PATCH 036/304] feat: Shared custom health check for multiple resources (#4212) (#10885) * Kind wildcard support in health customizations Signed-off-by: reggie * Updated health customizations docs to using the correct field with a / Signed-off-by: reggie * Updated health customizations docs to using the correct field with a / Signed-off-by: reggie * Document resource kind wildcard for custom health check Signed-off-by: reggie * Implemented wildcard * support in API Group and Resource Kind and updated docs Signed-off-by: reggie * Implemented wildcard * support in API Group and Resource Kind and updated docs Signed-off-by: reggie * Implemented wildcard * support in API Group and Resource Kind and updated docs Signed-off-by: reggie * Removed code duplication and returned an empty string instead of an error Signed-off-by: reggie Signed-off-by: reggie Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/health.md | 84 +++++++++++++++++++++------------- util/lua/lua.go | 26 +++++++++++ util/lua/lua_test.go | 34 ++++++++++++++ 3 files changed, 112 insertions(+), 32 deletions(-) diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index 947a2753f1033..f52cfd27d73ee 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md 
@@ -36,19 +36,21 @@ metadata: app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: - resource.customizations.health.argoproj.io_Application: | - hs = {} - hs.status = "Progressing" - hs.message = "" - if obj.status ~= nil then - if obj.status.health ~= nil then - hs.status = obj.status.health.status - if obj.status.health.message ~= nil then - hs.message = obj.status.health.message + resource.customizations: | + argoproj.io/Application: + health.lua: | + hs = {} + hs.status = "Progressing" + hs.message = "" + if obj.status ~= nil then + if obj.status.health ~= nil then + hs.status = obj.status.health.status + if obj.status.health.message ~= nil then + hs.message = obj.status.health.message + end + end end - end - end - return hs + return hs ``` ## Custom Health Checks 
@@ -62,34 +64,50 @@ There are two ways to configure a custom health check. The next two sections des ### Way 1. Define a Custom Health Check in `argocd-cm` ConfigMap -Custom health checks can be defined in `resource.customizations.health.` field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations). +Custom health checks can be defined in +```yaml + resource.customizations: | + : + health.lua: | +``` +field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations). The following example demonstrates a health check for `cert-manager.io/Certificate`. ```yaml data: - resource.customizations.health.cert-manager.io_Certificate: | - hs = {} - if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = condition.message - return hs + resource.customizations: | + cert-manager.io/Certificate: + health.lua: | + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end end end - end - end - hs.status = "Progressing" - hs.message = "Waiting for certificate" - return hs + hs.status = "Progressing" + hs.message = 
"Waiting for certificate" + return hs +``` +In order to prevent duplication of the same custom health check for potentially multiple resources, it is also possible to specify a wildcard in the resource kind, like this: + +```yaml + resource.customizations: | + ec2.aws.crossplane.io/*: + health.lua: | + ... ``` The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field. @@ -139,3 +157,5 @@ tests: To test the implemented custom health checks, run `go test -v ./util/lua/`. The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Cert Manager CRDs custom health check. + +Please note that bundled health checks with wildcards are not supported. diff --git a/util/lua/lua.go b/util/lua/lua.go index 34d1caf0ca56a..8f1daba22406c 100644 --- a/util/lua/lua.go +++ b/util/lua/lua.go @@ -16,6 +16,7 @@ import ( appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/resource_customizations" + "github.com/argoproj/argo-cd/v2/util/glob" ) const ( 
@@ -122,10 +123,24 @@ func (vm VM) ExecuteHealthLua(obj *unstructured.Unstructured, script string) (*h // GetHealthScript attempts to read lua script from config and then filesystem for that resource func (vm VM) GetHealthScript(obj *unstructured.Unstructured) (string, bool, error) { + // first, search the gvk as is in the ResourceOverrides key := GetConfigMapKey(obj.GroupVersionKind()) + if script, ok := vm.ResourceOverrides[key]; ok && script.HealthLua != "" { return script.HealthLua, script.UseOpenLibs, nil } + + // if not found as is, perhaps it matches wildcard entries in the configmap + wildcardKey := GetWildcardConfigMapKey(vm, obj.GroupVersionKind()) + + if wildcardKey != "" { + if wildcardScript, ok := vm.ResourceOverrides[wildcardKey]; ok && wildcardScript.HealthLua != "" { + return wildcardScript.HealthLua, wildcardScript.UseOpenLibs, nil + } + } + + // if not found in the ResourceOverrides at all, search it as is in the built-in scripts + // (as built-in scripts are files in folders, named after the GVK, currently there is no wildcard support for them) builtInScript, err := vm.getPredefinedLuaScripts(key, healthScriptFile) // standard libraries will be enabled for all built-in scripts return builtInScript, true, err @@ -333,6 +348,17 @@ func GetConfigMapKey(gvk schema.GroupVersionKind) string { return fmt.Sprintf("%s/%s", gvk.Group, gvk.Kind) } +func GetWildcardConfigMapKey(vm VM, gvk schema.GroupVersionKind) string { + gvkKeyToMatch := GetConfigMapKey(gvk) + + for key := range vm.ResourceOverrides { + if glob.Match(key, gvkKeyToMatch) { + return key + } + } + return "" +} + func (vm VM) getPredefinedLuaScripts(objKey string, scriptFile string) (string, error) { data, err := resource_customizations.Embedded.ReadFile(filepath.Join(objKey, scriptFile)) if err != nil { diff --git a/util/lua/lua_test.go b/util/lua/lua_test.go index 628db49db8284..314f9a8ab313c 100644 --- a/util/lua/lua_test.go +++ b/util/lua/lua_test.go 
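Review bot: `GetWildcardConfigMapKey` returns the first key that `glob.Match` accepts while ranging over `vm.ResourceOverrides`, and Go map iteration order is unspecified, so when two patterns match the same GVK (for example `argoproj.io/*` and `*.io/Rollout`) the health script that runs, and the `UseOpenLibs` value returned with it, can differ from one call to the next. The helper also never looks at `HealthLua`, so a matching entry without a health script can be returned first, and `GetHealthScript` then falls through to the built-in script even though another wildcard entry defines one. Iterating the keys in sorted order and skipping entries with an empty `HealthLua` makes the choice stable; `sort` would have to be in the file's import block, most of which is outside these hunks. The new exported function also has no doc comment, e.g. `// GetWildcardConfigMapKey returns the first ResourceOverrides key, in sorted order, whose glob pattern matches gvk and that defines a health script, or "" if none does.`

```go
func GetWildcardConfigMapKey(vm VM, gvk schema.GroupVersionKind) string {
	gvkKeyToMatch := GetConfigMapKey(gvk)

	// Sort so that overlapping patterns always resolve to the same entry.
	keys := make([]string, 0, len(vm.ResourceOverrides))
	for key := range vm.ResourceOverrides {
		keys = append(keys, key)
	}
	sort.Strings(keys)

	for _, key := range keys {
		// Entries without a health script cannot satisfy the caller.
		if vm.ResourceOverrides[key].HealthLua == "" {
			continue
		}
		if glob.Match(key, gvkKeyToMatch) {
			return key
		}
	}
	return ""
}
```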
@@ -126,6 +126,40 @@ func TestGetHealthScriptWithOverride(t *testing.T) { assert.Equal(t, newHealthStatusFunction, script) } +func TestGetHealthScriptWithKindWildcardOverride(t *testing.T) { + testObj := StrToUnstructured(objJSON) + vm := VM{ + ResourceOverrides: map[string]appv1.ResourceOverride{ + "argoproj.io/*": { + HealthLua: newHealthStatusFunction, + UseOpenLibs: false, + }, + }, + } + + script, useOpenLibs, err := vm.GetHealthScript(testObj) + assert.Nil(t, err) + assert.Equal(t, false, useOpenLibs) + assert.Equal(t, newHealthStatusFunction, script) +} + +func TestGetHealthScriptWithGroupWildcardOverride(t *testing.T) { + testObj := StrToUnstructured(objJSON) + vm := VM{ + ResourceOverrides: map[string]appv1.ResourceOverride{ + "*.io/Rollout": { + HealthLua: newHealthStatusFunction, + UseOpenLibs: false, + }, + }, + } + + script, useOpenLibs, err := vm.GetHealthScript(testObj) + assert.Nil(t, err) + assert.Equal(t, false, useOpenLibs) + assert.Equal(t, newHealthStatusFunction, script) +} + func TestGetHealthScriptPredefined(t *testing.T) { testObj := StrToUnstructured(objJSON) vm := VM{} From bcd709252235a9839141e3d76b43476855b67df5 Mon Sep 17 00:00:00 2001 From: Alex Eftimie Date: Tue, 8 Nov 2022 18:45:28 +0100 Subject: [PATCH 037/304] Action menu: sort items, show in resource details page (#11008) Signed-off-by: Alex Eftimie Co-authored-by: Remington Breeze Signed-off-by: emirot --- .../resource-details/resource-details.tsx | 16 +++- ui/src/app/applications/components/utils.tsx | 90 +++++++++++++------ .../shared/services/applications-service.ts | 6 +- 3 files changed, 80 insertions(+), 32 deletions(-) diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index eb94298ff9215..14ab321ff34f7 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx 
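Review bot: Both new tests put a single pattern in `ResourceOverrides` and set `UseOpenLibs: false`, so they do not pin what `GetHealthScript` returns when two entries match the same object. A third case holding `"argoproj.io/*"` and `"*.io/Rollout"` with different scripts would document the intended precedence and would fail intermittently if the selection depends on map order. `assert.NoError(t, err)` and `assert.False(t, useOpenLibs)` also give clearer failure output than `assert.Nil(t, err)` and `assert.Equal(t, false, useOpenLibs)`.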
+++ b/ui/src/app/applications/components/resource-details/resource-details.tsx @@ -1,4 +1,4 @@ -import {DataLoader, Tab, Tabs} from 'argo-ui'; +import {DataLoader, DropDown, Tab, Tabs} from 'argo-ui'; import * as React from 'react'; import {useState} from 'react'; import {EventsList, YamlEditor} from '../../../shared/components'; @@ -309,9 +309,21 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { className='argo-button argo-button--base'> SYNC - + ( + + )}> + {() => AppUtils.renderResourceActionMenu(selectedNode, application, tree, {apis: appContext})} +
    { + return services.applications + .getResourceActions(metadata.name, metadata.namespace, resource) + .then(actions => { + return actions.map( + action => + ({ + title: action.name, + disabled: !!action.disabled, + action: async () => { + try { + const confirmed = await appContext.apis.popup.confirm( + `Execute '${action.name}' action?`, + `Are you sure you want to execute '${action.name}' action?` + ); + if (confirmed) { + await services.applications.runResourceAction(metadata.name, metadata.namespace, resource, action.name); + } + } catch (e) { + appContext.apis.notifications.show({ + content: , + type: NotificationType.Error + }); + } + } + } as MenuItem) + ); + }) + .catch(() => [] as MenuItem[]); +} + function getActionItems( resource: ResourceTreeNode, application: appModels.Application, @@ -460,34 +491,8 @@ function getActionItems( }) .catch(() => [] as MenuItem[]); - const resourceActions = services.applications - .getResourceActions(application.metadata.name, application.metadata.namespace, resource) - .then(actions => { - return actions.map( - action => - ({ - title: action.name, - disabled: !!action.disabled, - action: async () => { - try { - const confirmed = await appContext.apis.popup.confirm( - `Execute '${action.name}' action?`, - `Are you sure you want to execute '${action.name}' action?` - ); - if (confirmed) { - await services.applications.runResourceAction(application.metadata.name, application.metadata.namespace, resource, action.name); - } - } catch (e) { - appContext.apis.notifications.show({ - content: , - type: NotificationType.Error - }); - } - } - } as MenuItem) - ); - }) - .catch(() => [] as MenuItem[]); + const resourceActions = getResourceActionsMenuItems(resource, application, appContext); + return combineLatest( from([items]), // this resolves immediately concat([[] as MenuItem[]], resourceActions), // this resolves at first to [] and then whatever the API returns 
@@ -534,6 +539,33 @@ export function renderResourceMenu( ); } +export function renderResourceActionMenu(resource: ResourceTreeNode, application: appModels.Application, tree: appModels.ApplicationTree, appContext: AppContext): React.ReactNode { + const menuItems = getResourceActionsMenuItems(resource, application.metadata, appContext); + + return ( + menuItems}> + {items => ( +
      + {items.map((item, i) => ( +
    • { + e.stopPropagation(); + if (!item.disabled) { + item.action(); + document.body.click(); + } + }}> + {item.iconClassName && } {item.title} +
    • + ))} +
    + )} +
    + ); +} + export function renderResourceButtons( resource: ResourceTreeNode, application: appModels.Application, diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts index da4d25e913f49..006e6c558b97f 100644 --- a/ui/src/app/shared/services/applications-service.ts +++ b/ui/src/app/shared/services/applications-service.ts @@ -298,7 +298,11 @@ export class ApplicationsService { kind: resource.kind, group: resource.group }) - .then(res => (res.body.actions as models.ResourceAction[]) || []); + .then(res => { + const actions = (res.body.actions as models.ResourceAction[]) || []; + actions.sort((actionA, actionB) => actionA.name.localeCompare(actionB.name)); + return actions; + }); } public runResourceAction(name: string, appNamspace: string, resource: models.ResourceNode, action: string): Promise { From 79d031cf8b77eb53bce4a943791c32c1debfcf71 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Tue, 8 Nov 2022 16:06:05 -0500 Subject: [PATCH 038/304] fix: do not mutate live when managed namespace enabled (#11197) * fix: do not mutate live when managed namespace enabled Signed-off-by: Leonardo Luz Almeida * fix unit-test Signed-off-by: Leonardo Luz Almeida * fix unit-test Signed-off-by: Leonardo Luz Almeida * Fix lint Signed-off-by: Leonardo Luz Almeida * remove trackingID from e2e test validation Signed-off-by: Leonardo Luz Almeida * fix e2e Signed-off-by: Leonardo Luz Almeida * remove unnecessary config Signed-off-by: Leonardo Luz Almeida Signed-off-by: Leonardo Luz Almeida Signed-off-by: emirot --- controller/sync_namespace.go | 54 ++++++----- controller/sync_namespace_test.go | 143 ++++++++++++----------------- go.mod | 1 + go.sum | 4 +- test/e2e/app_management_ns_test.go | 27 ------ 5 files changed, 92 insertions(+), 137 deletions(-) diff --git a/controller/sync_namespace.go b/controller/sync_namespace.go index b96dd4421b3c2..9203e27f502e7 100644 --- a/controller/sync_namespace.go 
+++ b/controller/sync_namespace.go 
@@ -1,46 +1,50 @@ package controller import ( - "fmt" - cdcommon "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" gitopscommon "github.com/argoproj/gitops-engine/pkg/sync/common" - "github.com/argoproj/gitops-engine/pkg/utils/kube" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) -func syncNamespace(resourceTracking argo.ResourceTracking, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, appName string, syncPolicy *v1alpha1.SyncPolicy) func(un *unstructured.Unstructured) (bool, error) { - return func(liveNs *unstructured.Unstructured) (bool, error) { - if liveNs != nil && kube.GetAppInstanceLabel(liveNs, cdcommon.LabelKeyAppInstance) != "" { - kube.UnsetLabel(liveNs, cdcommon.LabelKeyAppInstance) - return true, nil +// syncNamespace determine if Argo CD should create and/or manage the namespace +// where the application will be deployed. +func syncNamespace(resourceTracking argo.ResourceTracking, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, appName string, syncPolicy *v1alpha1.SyncPolicy) func(m, l *unstructured.Unstructured) (bool, error) { + // This function must return true for the managed namespace to be synced. + return func(managedNs, liveNs *unstructured.Unstructured) (bool, error) { + if managedNs == nil { + return false, nil } - isNewNamespace := liveNs != nil && liveNs.GetUID() == "" && liveNs.GetResourceVersion() == "" + isNewNamespace := liveNs == nil + isManagedNamespace := syncPolicy != nil && syncPolicy.ManagedNamespaceMetadata != nil - if liveNs != nil && syncPolicy != nil { - // managedNamespaceMetadata relies on SSA, and since the diffs are computed by the k8s control plane we - // always need to call the k8s api server, so we'll always need to return true if managedNamespaceMetadata is set. 
- hasManagedMetadata := syncPolicy.ManagedNamespaceMetadata != nil - if hasManagedMetadata { - managedNamespaceMetadata := syncPolicy.ManagedNamespaceMetadata - liveNs.SetLabels(managedNamespaceMetadata.Labels) - liveNs.SetAnnotations(appendSSAAnnotation(managedNamespaceMetadata.Annotations)) - - err := resourceTracking.SetAppInstance(liveNs, appLabelKey, appName, "", trackingMethod) - if err != nil { - return false, fmt.Errorf("failed to set app instance tracking on the namespace %s: %s", liveNs.GetName(), err) - } + // should only sync the namespace if it doesn't exist in k8s or if + // syncPolicy is defined to manage the metadata + if !isManagedNamespace && !isNewNamespace { + return false, nil + } - return true, nil - } + if isManagedNamespace { + managedNamespaceMetadata := syncPolicy.ManagedNamespaceMetadata + managedNs.SetLabels(managedNamespaceMetadata.Labels) + // managedNamespaceMetadata relies on SSA in order to avoid overriding + // existing labels and annotations in namespaces + managedNs.SetAnnotations(appendSSAAnnotation(managedNamespaceMetadata.Annotations)) } - return isNewNamespace, nil + // TODO: https://github.com/argoproj/argo-cd/issues/11196 + // err := resourceTracking.SetAppInstance(managedNs, appLabelKey, appName, "", trackingMethod) + // if err != nil { + // return false, fmt.Errorf("failed to set app instance tracking on the namespace %s: %s", managedNs.GetName(), err) + // } + + return true, nil } } +// appendSSAAnnotation will set the managed namespace to be synced +// with server-side apply func appendSSAAnnotation(in map[string]string) map[string]string { r := map[string]string{} for k, v := range in { diff --git a/controller/sync_namespace_test.go b/controller/sync_namespace_test.go index 9a8b7819220d7..e18f52800bf03 100644 --- a/controller/sync_namespace_test.go +++ b/controller/sync_namespace_test.go 
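Review bot: With the `SetAppInstance` call commented out, the closure no longer reads `resourceTracking`, `appLabelKey`, `trackingMethod` or `appName`, and the namespace is synced without a tracking annotation, so nothing written here records which Application set its labels and annotations. The TODO should say that in words rather than leave dead code behind, for example `// TODO(#11196): tracking is disabled; the four tracking parameters are unused until it is restored`. Separately, `managedNs.SetLabels(managedNamespaceMetadata.Labels)` replaces whatever labels `managedNs` already carries instead of merging them; whether the caller can pass a namespace with labels of its own is not visible in this hunk, so a comment stating the assumption would help. The body of `appendSSAAnnotation` continues outside the hunk.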
@@ -1,7 +1,6 @@ package controller import ( - "errors" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" @@ -11,33 +10,6 @@ import ( "testing" ) -type fakeResourceTracking struct { -} - -func (f fakeResourceTracking) GetAppName(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) string { - panic("implement me") -} - -func (f fakeResourceTracking) GetAppInstance(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) *argo.AppInstanceValue { - return nil -} - -func (f fakeResourceTracking) SetAppInstance(un *unstructured.Unstructured, key, val, namespace string, trackingMethod v1alpha1.TrackingMethod) error { - return errors.New("some error") -} - -func (f fakeResourceTracking) BuildAppInstanceValue(value argo.AppInstanceValue) string { - panic("implement me") -} - -func (f fakeResourceTracking) ParseAppInstanceValue(value string) (*argo.AppInstanceValue, error) { - panic("implement me") -} - -func (f fakeResourceTracking) Normalize(config, live *unstructured.Unstructured, labelKey, trackingMethod string) error { - panic("implement me") -} - func createFakeNamespace(uid string, resourceVersion string, labels map[string]string, annotations map[string]string) *unstructured.Unstructured { un := unstructured.Unstructured{} un.SetUID(types.UID(uid)) 
@@ -53,29 +25,33 @@ func Test_shouldNamespaceSync(t *testing.T) { tests := []struct { name string syncPolicy *v1alpha1.SyncPolicy - un *unstructured.Unstructured + managedNs *unstructured.Unstructured + liveNs *unstructured.Unstructured expected bool expectedLabels map[string]string expectedAnnotations map[string]string }{ { - name: "un is nil and syncPolicy is nil", + name: "liveNs is nil and syncPolicy is nil", expected: false, - un: nil, + managedNs: nil, + liveNs: nil, syncPolicy: nil, }, { - name: "un is nil and syncPolicy is not nil", - expected: false, - un: nil, + name: "liveNs is nil and syncPolicy is not nil", + expected: false, + managedNs: nil, + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: nil, }, }, { - name: "un is nil and syncPolicy has labels and annotations", + name: "liveNs is nil and syncPolicy has labels and annotations", expected: false, - un: nil, + managedNs: nil, + liveNs: nil, expectedLabels: map[string]string{"my-cool-label": "some-value"}, expectedAnnotations: map[string]string{"my-cool-annotation": "some-value"}, syncPolicy: &v1alpha1.SyncPolicy{ @@ -86,12 +62,12 @@ func Test_shouldNamespaceSync(t *testing.T) { }, }, { - name: "namespace does not yet exist and managedNamespaceMetadata nil", - expected: true, - expectedLabels: map[string]string{}, - //expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace"}, + name: "namespace does not yet exist and managedNamespaceMetadata nil", + expected: true, + expectedLabels: map[string]string{}, expectedAnnotations: map[string]string{}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: nil, }, 
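Review bot: Every case visible in this hunk and in the later table hunks (`@@ -86,12 +62,12 @@` to `@@ -245,8 +233,9 @@`) that passes a non-nil `managedNs` builds it with empty label and annotation maps, and every case with a non-nil `liveNs` also sets `ManagedNamespaceMetadata`. Two paths of the new `syncNamespace` therefore look untested: the early `return false, nil` for an existing namespace without managed metadata, and the replacement of labels already present on `managedNs`. A case with `liveNs: createFakeNamespace("something", "1", ...)`, a non-nil `managedNs`, `syncPolicy: nil` and `expected: false` would pin the first path. Cases hidden between the hunks may already cover this, and `Test_shouldNamespaceSync` starts before the hunk, so treat it as something to confirm.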
@@ -99,8 +75,9 @@ func Test_shouldNamespaceSync(t *testing.T) { { name: "namespace does not yet exist and managedNamespaceMetadata not nil", expected: true, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{}, }, @@ -109,8 +86,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace does not yet exist and managedNamespaceMetadata has empty labels map", expected: true, expectedLabels: map[string]string{}, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{}, 
@@ -120,8 +98,9 @@ func Test_shouldNamespaceSync(t *testing.T) { { name: "namespace does not yet exist and managedNamespaceMetadata has empty annotations map", expected: true, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Annotations: map[string]string{}, @@ -132,8 +111,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace does not yet exist and managedNamespaceMetadata has empty annotations and labels map", expected: true, expectedLabels: map[string]string{}, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{}, 
@@ -145,8 +125,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace does not yet exist and managedNamespaceMetadata has labels", expected: true, expectedLabels: map[string]string{"my-cool-label": "some-value"}, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value"}, @@ -157,8 +138,9 @@ func Test_shouldNamespaceSync(t *testing.T) { { name: "namespace does not yet exist and managedNamespaceMetadata has annotations", expected: true, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: nil, 
@@ -170,8 +152,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace does not yet exist and managedNamespaceMetadata has annotations and labels", expected: true, expectedLabels: map[string]string{"my-cool-label": "some-value"}, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: nil, syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value"}, @@ -183,8 +166,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace exists with no labels or annotations and managedNamespaceMetadata has labels", expected: true, expectedLabels: map[string]string{"my-cool-label": "some-value"}, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value"}, 
@@ -194,8 +178,9 @@ func Test_shouldNamespaceSync(t *testing.T) { { name: "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations", expected: true, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Annotations: map[string]string{"my-cool-annotation": "some-value"}, @@ -206,8 +191,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations and labels", expected: true, expectedLabels: map[string]string{"my-cool-label": "some-value"}, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{}, map[string]string{}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value"}, 
@@ -218,9 +204,10 @@ func Test_shouldNamespaceSync(t *testing.T) { { name: "namespace exists with labels and managedNamespaceMetadata has mismatching labels", expected: true, - expectedAnnotations: map[string]string{"argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"}, expectedLabels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, - un: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{}), + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, 
@@ -232,8 +219,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace exists with annotations and managedNamespaceMetadata has mismatching annotations", expected: true, expectedLabels: map[string]string{}, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("something", "1", map[string]string{}, map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{}, map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{}, 
@@ -245,8 +233,9 @@ func Test_shouldNamespaceSync(t *testing.T) { name: "namespace exists with annotations and labels managedNamespaceMetadata has mismatching annotations and labels", expected: true, expectedLabels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, - expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value", "argocd.argoproj.io/tracking-id": "some-app:/Namespace:/some-namespace", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, - un: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{"my-cool-annotation": "some-value"}), + expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, + managedNs: createFakeNamespace("", "", map[string]string{}, map[string]string{}), + liveNs: createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{"my-cool-annotation": "some-value"}), syncPolicy: &v1alpha1.SyncPolicy{ ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"}, 
@@ -258,27 +247,15 @@ func Test_shouldNamespaceSync(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.un) + actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.managedNs, tt.liveNs) assert.NoError(t, err) - if tt.un != nil { - assert.Equal(t, tt.expectedLabels, tt.un.GetLabels()) - assert.Equal(t, tt.expectedAnnotations, tt.un.GetAnnotations()) + if tt.managedNs != nil { + assert.Equal(t, tt.expectedLabels, tt.managedNs.GetLabels()) + assert.Equal(t, tt.expectedAnnotations, tt.managedNs.GetAnnotations()) } assert.Equalf(t, tt.expected, actual, "syncNamespace(%v)", tt.syncPolicy) }) } } - -func Test_shouldNamespaceSync_Failure(t *testing.T) { - fake := fakeResourceTracking{} - _, err := syncNamespace(fake, common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", &v1alpha1.SyncPolicy{ - ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{ - Labels: map[string]string{"my-cool-label": "some-value"}, - Annotations: map[string]string{"my-cool-annotation": "some-value"}, - }, - })(createFakeNamespace("something", "1", map[string]string{}, map[string]string{})) - assert.Error(t, err, "Expected error") - assert.Equal(t, "failed to set app instance tracking on the namespace some-namespace: some error", err.Error()) -} diff --git a/go.mod b/go.mod index b69337f56080e..613d3a719489d 100644 --- a/go.mod +++ b/go.mod @@ -252,6 +252,7 @@ require ( ) replace ( + github.com/argoproj/gitops-engine => github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3 // https://github.com/golang/go/issues/33546#issuecomment-519656923 github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 diff --git a/go.sum b/go.sum index 0da05d81e462a..a269852a18b9b 100644 
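Review bot: The added `replace` line makes this module build against `github.com/leoluz/gitops-engine`, a fork outside the `argoproj` organisation pinned to a pseudo-version, and nothing in go.mod says why or for how long. `replace` directives apply only when this module is the main module, so anything importing Argo CD as a library would still resolve the `argoproj/gitops-engine` version from `require` and presumably not get the fork's changes. A comment above the line would make the intent reviewable, e.g. `// TODO: temporary fork for the managed-namespace fix; remove once merged into argoproj/gitops-engine`. That the fork is meant to be temporary is inferred from the commit title, not stated on the page.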
--- a/go.sum +++ b/go.sum @@ -142,8 +142,6 @@ github.com/antonmedv/expr v1.8.9/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmH github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20190808133642-1d4ef1f1c1e0/go.mod h1:iy07dV61Z7QQdCKJCIvUoDL21u6AIceRhZzyleh2ymc= -github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9 h1:qk4O1fw6ZtWwm0vNM1HFACSAJYnhuKweLNP6XzDJchE= -github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f h1:xTts6TJ/SBbY9zV8qpueokUd3+SlJN6Abt4W6lAjOKM= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f/go.mod h1:R3zlopt+/juYlebQc9Jarn9vBQ2xZruWOWjUNkfGY9M= github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 h1:Cfp7rO/HpVxnwlRqJe0jHiBbZ77ZgXhB6HWlYD02Xdc= @@ -751,6 +749,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/ktrysmt/go-bitbucket v0.9.40 h1:LcvdyW7u58vfbUi9bCQB+ihyqDzoy+9WBq/odmBsXrg= github.com/ktrysmt/go-bitbucket v0.9.40/go.mod h1:FWxy2UK7GlK5b0NSJGc5hPqnssVlkNnsChvyuOf/Xno= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= +github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3 h1:QueLyPTVnAeZuZQa4NV+2HnZvoltq5oQZG0+cHkhIVY= +github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= 
diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 50319b5a331ca..c56113414b007 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -1901,15 +1901,11 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { assert.Empty(t, app.Status.Conditions) - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] - delete(ns.Labels, "kubernetes.io/metadata.name") delete(ns.Labels, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"foo": "bar"}, ns.Labels) assert.Equal(t, map[string]string{"bar": "bat", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations) assert.Equal(t, map[string]string{"foo": "bar"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels) @@ -1927,15 +1923,12 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] delete(ns.Labels, "kubernetes.io/metadata.name") delete(ns.Labels, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"new": "label"}, ns.Labels) assert.Equal(t, map[string]string{"bar": "bat", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations) assert.Equal(t, map[string]string{"new": "label"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels) 
@@ -1950,15 +1943,11 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] - delete(ns.Labels, "kubernetes.io/metadata.name") delete(ns.Labels, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"new": "label"}, ns.Labels) assert.Equal(t, map[string]string{"new": "custom-annotation", "argocd.argoproj.io/sync-options": "ServerSideApply=true"}, ns.Annotations) assert.Equal(t, map[string]string{"new": "label"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Labels) @@ -2004,18 +1993,12 @@ func TestNamespacedNamespaceAutoCreationWithMetadataAndNsManifest(t *testing.T) Then(). Expect(Success("")). Expect(Namespace(namespace, func(app *Application, ns *v1.Namespace) { - //assert.NotEmpty(t, app.Status.Conditions) - - //trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] - delete(ns.Labels, "kubernetes.io/metadata.name") delete(ns.Labels, "argocd.argoproj.io/tracking-id") delete(ns.Labels, "kubectl.kubernetes.io/last-applied-configuration") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") - //assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s/%s", AppNamespace(), namespace, namespace), trackingId) - // The application namespace manifest takes precedence over what is in managedNamespaceMetadata assert.Equal(t, map[string]string{"test": "true"}, ns.Labels) assert.Equal(t, map[string]string{"foo": "bar", "something": "else"}, ns.Annotations) 
@@ -2091,8 +2074,6 @@ metadata: Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] - assert.Empty(t, app.Status.Conditions) delete(ns.Labels, "kubernetes.io/metadata.name") @@ -2100,8 +2081,6 @@ metadata: delete(ns.Annotations, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels) assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "something": "whatevs", "bar": "bat"}, ns.Annotations) })). @@ -2114,7 +2093,6 @@ metadata: Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] assert.Empty(t, app.Status.Conditions) @@ -2123,8 +2101,6 @@ metadata: delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels) assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "something": "hmm", "bar": "bat"}, ns.Annotations) assert.Equal(t, map[string]string{"something": "hmm", "bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations) @@ -2138,7 +2114,6 @@ metadata: Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { - trackingId := ns.Annotations["argocd.argoproj.io/tracking-id"] assert.Empty(t, app.Status.Conditions) 
@@ -2147,8 +2122,6 @@ metadata: delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") delete(ns.Annotations, "argocd.argoproj.io/tracking-id") - assert.Equal(t, fmt.Sprintf("%s:/Namespace:/%s", app.Name, updatedNamespace), trackingId) - assert.Equal(t, map[string]string{"test": "true", "foo": "bar"}, ns.Labels) assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "bar": "bat"}, ns.Annotations) assert.Equal(t, map[string]string{"bar": "bat"}, app.Spec.SyncPolicy.ManagedNamespaceMetadata.Annotations) From 193c0e0672ad0eea9e98e12a632535df082df41c Mon Sep 17 00:00:00 2001 From: Arthur Busser <22616578+busser@users.noreply.github.com> Date: Tue, 8 Nov 2022 22:07:19 +0100 Subject: [PATCH 039/304] chore: add Pigment to list of users (#11127) Signed-off-by: Arthur Busser Signed-off-by: Arthur Busser Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 5971da34fbdac..a5a1700dee1af 100644 --- a/USERS.md +++ b/USERS.md @@ -163,6 +163,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [PagerDuty](https://www.pagerduty.com/) 1. [PayPay](https://paypay.ne.jp/) 1. [Peloton Interactive](https://www.onepeloton.com/) +1. [Pigment](https://www.gopigment.com/) 1. [Pipefy](https://www.pipefy.com/) 1. [Pismo](https://pismo.io/) 1. [Polarpoint.io](https://polarpoint.io) From 1fa45a91de6616934ff080b915b0cfbed66513dc Mon Sep 17 00:00:00 2001 From: Jesse Suen Date: Tue, 8 Nov 2022 13:52:00 -0800 Subject: [PATCH 040/304] fix: retry token creation/deletion upon project conflict errors (#11199) Signed-off-by: Jesse Suen Signed-off-by: emirot --- server/project/project.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/server/project/project.go b/server/project/project.go index f593905118c0c..d077b3bbc2b8e 100644 --- a/server/project/project.go +++ b/server/project/project.go 
@@ -20,6 +20,7 @@ import ( "k8s.io/apimachinery/pkg/fields" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" + "k8s.io/client-go/util/retry" "github.com/argoproj/argo-cd/v2/pkg/apiclient/project" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -75,6 +76,16 @@ func validateProject(proj *v1alpha1.AppProject) error { // CreateToken creates a new token to access a project func (s *Server) CreateToken(ctx context.Context, q *project.ProjectTokenCreateRequest) (*project.ProjectTokenResponse, error) { + var resp *project.ProjectTokenResponse + err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + var createErr error + resp, createErr = s.createToken(ctx, q) + return createErr + }) + return resp, err +} + +func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateRequest) (*project.ProjectTokenResponse, error) { prj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(ctx, q.Project, metav1.GetOptions{}) if err != nil { return nil, err @@ -146,6 +157,16 @@ func (s *Server) CreateToken(ctx context.Context, q *project.ProjectTokenCreateR // DeleteToken deletes a token in a project func (s *Server) DeleteToken(ctx context.Context, q *project.ProjectTokenDeleteRequest) (*project.EmptyResponse, error) { + var resp *project.EmptyResponse + err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + var deleteErr error + resp, deleteErr = s.deleteToken(ctx, q) + return deleteErr + }) + return resp, err +} + +func (s *Server) deleteToken(ctx context.Context, q *project.ProjectTokenDeleteRequest) (*project.EmptyResponse, error) { prj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(ctx, q.Project, metav1.GetOptions{}) if err != nil { return nil, err From f318bb40627e3d51df94eed914f70eebe423de3f Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Tue, 8 Nov 2022 17:46:44 -0500 Subject: [PATCH 041/304] fix: point gitops-engine to current master (#11230) 
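Review bot: The new unexported helpers `createToken` and `deleteToken` have no doc comment, and nothing records that each one is now re-run from its first line on every conflict retry. `retry.RetryOnConflict` invokes the closure again only when the returned error is recognised by `IsConflict` from k8s.io/apimachinery/pkg/api/errors, so the helper has to hand back the update error in a form that check still matches. Any authorization check or audit event inside the helper will presumably run once per attempt; both bodies continue outside these hunks, so that needs confirming there. I would add above `createToken`: `// createToken makes a single attempt; CreateToken re-runs it on update conflicts, so it must re-read the project and return the conflict error unwrapped.` The equivalent line belongs above `deleteToken` in the `@@ -146,6 +157,16 @@` hunk.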
Signed-off-by: Leonardo Luz Almeida Signed-off-by: Leonardo Luz Almeida Signed-off-by: emirot --- go.mod | 3 +-- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 613d3a719489d..c070ebf1c9b9a 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/semver/v3 v3.1.1 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.14.2 - github.com/argoproj/gitops-engine v0.7.1-0.20221103192913-b371e3bfc5e9 + github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96 github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 github.com/aws/aws-sdk-go v1.38.49 @@ -252,7 +252,6 @@ require ( ) replace ( - github.com/argoproj/gitops-engine => github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3 // https://github.com/golang/go/issues/33546#issuecomment-519656923 github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 diff --git a/go.sum b/go.sum index a269852a18b9b..e6781456a78de 100644 --- a/go.sum +++ b/go.sum 
@@ -142,6 +142,8 @@ github.com/antonmedv/expr v1.8.9/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmH github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20190808133642-1d4ef1f1c1e0/go.mod h1:iy07dV61Z7QQdCKJCIvUoDL21u6AIceRhZzyleh2ymc= +github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96 h1:4CQn3gY9aAsQwHWGnADGyfGfBjE+yEw4zoy5SN7uuZc= +github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f h1:xTts6TJ/SBbY9zV8qpueokUd3+SlJN6Abt4W6lAjOKM= github.com/argoproj/notifications-engine v0.3.1-0.20220812180936-4d8552b0775f/go.mod h1:R3zlopt+/juYlebQc9Jarn9vBQ2xZruWOWjUNkfGY9M= github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 h1:Cfp7rO/HpVxnwlRqJe0jHiBbZ77ZgXhB6HWlYD02Xdc= @@ -749,8 +751,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/ktrysmt/go-bitbucket v0.9.40 h1:LcvdyW7u58vfbUi9bCQB+ihyqDzoy+9WBq/odmBsXrg= github.com/ktrysmt/go-bitbucket v0.9.40/go.mod h1:FWxy2UK7GlK5b0NSJGc5hPqnssVlkNnsChvyuOf/Xno= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3 h1:QueLyPTVnAeZuZQa4NV+2HnZvoltq5oQZG0+cHkhIVY= -github.com/leoluz/gitops-engine v0.4.1-0.20221104145611-3e05051d9be3/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= 
From 4f8c2c2f8a623a1fc011fa52929e30167604d9cf Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Wed, 9 Nov 2022 05:22:06 -0800 Subject: [PATCH 042/304] fix: use non distroless image for dex (#11219) * fix: use non distroless image for dex Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * change image in ci workflow Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- .github/workflows/ci-build.yaml | 2 +- manifests/base/dex/argocd-dex-server-deployment.yaml | 2 +- manifests/ha/install.yaml | 2 +- manifests/ha/namespace-install.yaml | 2 +- manifests/install.yaml | 2 +- manifests/namespace-install.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index eae73376178f1..397c98d72bc74 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -412,7 +412,7 @@ jobs: git config --global user.email "john.doe@example.com" - name: Pull Docker image required for tests run: | - docker pull ghcr.io/dexidp/dex:v2.35.3-distroless + docker pull ghcr.io/dexidp/dex:v2.35.3 docker pull argoproj/argo-cd-ci-builder:v1.0.0 docker pull redis:7.0.5-alpine - name: Create target directory for binaries in the build-process diff --git a/manifests/base/dex/argocd-dex-server-deployment.yaml b/manifests/base/dex/argocd-dex-server-deployment.yaml index 2ac75ed49b789..dd2d37fea62e8 100644 --- a/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ spec: type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.35.3-distroless + image: ghcr.io/dexidp/dex:v2.35.3 imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 36fbf572602f2..ed635ee5c74d1 100644 
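Review bot: The `image: ghcr.io/dexidp/dex:v2.35.3` line in manifests/base/dex/argocd-dex-server-deployment.yaml references a mutable tag next to `imagePullPolicy: Always`, so each pod start runs whatever the registry currently serves under that tag. This change also swaps the distroless variant for the full image, which presumably ships a shell and more userland in the SSO component, so I would pin by digest: `image: ghcr.io/dexidp/dex:v2.35.3@sha256:<digest-of-v2.35.3>`. A comment above the line should record why the distroless variant cannot be used, since neither the manifest nor the commit message says. The same pinning applies to the `docker pull` line in .github/workflows/ci-build.yaml; the install.yaml copies appear to be generated from this base file.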
--- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -11256,7 +11256,7 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.35.3-distroless + image: ghcr.io/dexidp/dex:v2.35.3 imagePullPolicy: Always name: dex ports: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index af6e259295c21..9174dd36fdcdd 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1678,7 +1678,7 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.35.3-distroless + image: ghcr.io/dexidp/dex:v2.35.3 imagePullPolicy: Always name: dex ports: diff --git a/manifests/install.yaml b/manifests/install.yaml index b7f51dda9fc3d..5f0d1be65348e 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -10334,7 +10334,7 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.35.3-distroless + image: ghcr.io/dexidp/dex:v2.35.3 imagePullPolicy: Always name: dex ports: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 232357ce81083..10ff420a1b4d5 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -756,7 +756,7 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.35.3-distroless + image: ghcr.io/dexidp/dex:v2.35.3 imagePullPolicy: Always name: dex ports: From 75dbb1f67b53a2d8aa03146b634706b235b87bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?ChangZhuo=20Chen=20=28=E9=99=B3=E6=98=8C=E5=80=AC=29?= Date: Wed, 9 Nov 2022 21:29:22 +0800 Subject: [PATCH 043/304] docs: add example for config management plugins exclusion (#11187) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: ChangZhuo Chen (陳昌倬) Signed-off-by: ChangZhuo Chen (陳昌倬) 
Signed-off-by: emirot --- docs/user-guide/config-management-plugins.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index ba115fdab6b63..455ac8a72d0e8 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md @@ -262,8 +262,8 @@ If you are actively developing a sidecar-installed CMP, keep a few things in min ## Plugin tar stream exclusions In order to increase the speed of manifest generation, certain files and folders can be excluded from being sent to your -plugin. We recommend excluding your `.git` folder if it isn't necessary. Use Go's -[filepatch.Match](https://pkg.go.dev/path/filepath#Match) syntax. +plugin. We recommend excluding your `.git` folder if it isn't necessary. Use Go's +[filepatch.Match](https://pkg.go.dev/path/filepath#Match) syntax. For example, `.git/*` to exclude `.git` folder. You can set it one of three ways: From a1062c58b77369cd27b4d3af6bcca5edbd18832b Mon Sep 17 00:00:00 2001 From: Alex Eftimie Date: Wed, 9 Nov 2022 20:46:42 +0100 Subject: [PATCH 044/304] fix(ui): show orphaned as gray. fixes: #11180 (#11218) Signed-off-by: Alex Eftimie Signed-off-by: emirot --- .../application-resource-tree/application-resource-tree.scss | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss index 19e7e3364ecc5..74ad1e53a79fc 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss 
@@ -93,7 +93,9 @@ } &--orphaned { - background-color: lighten($argo-color-gray-4, 10%); + @include themify($themes) { + background-color: themed('light-argo-gray-2'); + } } &--load-balancer { From 3bb3ce48088157b5035412d34bdd0d5f8f255692 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 9 Nov 2022 16:27:11 -0500 Subject: [PATCH 045/304] docs: fix formatting (#11245) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/user-guide/config-management-plugins.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index 455ac8a72d0e8..13157e302dc67 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md 
@@ -251,12 +251,12 @@ If you don't need to set any environment variables, you can set an empty plugin If you are actively developing a sidecar-installed CMP, keep a few things in mind: -1) If you are mounting plugin.yaml from a ConfigMap, you will have to restart the repo-server Pod so the plugin will +1. If you are mounting plugin.yaml from a ConfigMap, you will have to restart the repo-server Pod so the plugin will pick up the changes. -2) If you have baked plugin.yaml into your image, you will have to build, push, and force a re-pull of that image on the +2. If you have baked plugin.yaml into your image, you will have to build, push, and force a re-pull of that image on the repo-server Pod so the plugin will pick up the changes. If you are using `:latest`, the Pod will always pull the new image. If you're using a different, static tag, set `imagePullPolicy: Always` on the CMP's sidecar container. -3) CMP errors are cached by the repo-server in Redis. Restarting the repo-server Pod will not clear the cache. Always +3. CMP errors are cached by the repo-server in Redis. Restarting the repo-server Pod will not clear the cache. Always do a "Hard Refresh" when actively developing a CMP so you have the latest output. ## Plugin tar stream exclusions From 99bb8c890dd39659852ee0eefe1d743e87ca8a98 Mon Sep 17 00:00:00 2001 From: Ferenc Horvay <42404290+FerencoVonMatterhorn@users.noreply.github.com> Date: Mon, 14 Nov 2022 14:28:06 +0100 Subject: [PATCH 046/304] fix: add check for trailing/leading whitespace in project role group names (#10919) (#10988) * fix: add check for trailing/leading whitespace in project role group names Signed-off-by: Ferenc * fix: change expected output on whitespace test Signed-off-by: Ferenc * fix: apply requested changes Signed-off-by: Ferenc Signed-off-by: Ferenc Signed-off-by: emirot --- pkg/apis/application/v1alpha1/types.go | 9 ++++++++- pkg/apis/application/v1alpha1/types_test.go | 4 +++- 2 files changed, 11 insertions(+), 2 deletions(-) 
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 29821ab9407e7..d2b45e4110eb3 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -14,6 +14,7 @@ import ( "strconv" "strings" "time" + "unicode" "github.com/argoproj/gitops-engine/pkg/health" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -1618,6 +1619,7 @@ func validateRoleName(name string) error { var invalidChars = regexp.MustCompile("[\"\n\r\t]") func validateGroupName(name string) error { + n := []rune(name) name = strings.TrimSpace(name) if len(name) > 1 && strings.HasPrefix(name, "\"") && strings.HasSuffix(name, "\"") { // Remove surrounding quotes for further inspection of the group name @@ -1625,13 +1627,18 @@ func validateGroupName(name string) error { } else if strings.Contains(name, ",") { return status.Errorf(codes.InvalidArgument, "group '%s' must be quoted", name) } - if name == "" { return status.Errorf(codes.InvalidArgument, "group '%s' is empty", name) } if invalidChars.MatchString(name) { return status.Errorf(codes.InvalidArgument, "group '%s' contains invalid characters", name) } + if len(n) > 1 && unicode.IsSpace(n[0]) { + return status.Errorf(codes.InvalidArgument, "group '%s' contains a leading space", name) + } + if len(n) > 1 && unicode.IsSpace(n[len(n)-1]) { + return status.Errorf(codes.InvalidArgument, "group '%s' contains a trailing space", name) + } return nil } diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index bf7cd8e85d4ce..4326aa0d841bc 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -651,6 +651,8 @@ func TestAppProject_ValidateGroupName(t *testing.T) { "my,group", "my\ngroup", "my\rgroup", + " my:group", + "my:group ", } for _, badName := range badGroupNames { p.Spec.Roles[0].Groups = []string{badName} 
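Review bot: The two new whitespace checks in `validateGroupName` inspect the raw input `n`, but their messages format `name`, which has already been through `strings.TrimSpace` by then, so the rejected value is printed without the whitespace that caused the rejection. Formatting the original input makes the error actionable: `return status.Errorf(codes.InvalidArgument, "group %q contains a leading space", string(n))`, and likewise for the trailing case. Because only the outermost runes are examined, a quoted name whose padding sits inside the quotes (constructed example: quote, space, `admins`, quote) still passes. If these names are matched against identity-provider groups, that is worth an explicit test case either way. The function spans two hunks and the quote-stripping line between them is not visible here.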
@@ -2935,7 +2937,7 @@ func Test_validateGroupName(t *testing.T) { {"Normal group name", "foo", true}, {"Quoted with commas", "\"foo,bar,baz\"", true}, {"Quoted without commas", "\"foo\"", true}, - {"Quoted with leading and trailing whitespace", " \"foo\" ", true}, + {"Quoted with leading and trailing whitespace", " \"foo\" ", false}, {"Empty group name", "", false}, {"Empty group name with quotes", "\"\"", false}, {"Unquoted with comma", "foo,bar,baz", false}, From 5dc0266cc5bcc68c060ec085733902cd30b6c916 Mon Sep 17 00:00:00 2001 From: Alex Eftimie Date: Mon, 14 Nov 2022 14:50:05 +0100 Subject: [PATCH 047/304] chore(docs): fix build, prepare for google analytics v4 (#10850) (#11248) * fix docs build. prepare for google analytics v4 Signed-off-by: Alex Eftimie * fix build Signed-off-by: Alex Eftimie * fix build codegen check Signed-off-by: Alex Eftimie Signed-off-by: Alex Eftimie Signed-off-by: emirot --- Makefile | 4 ++-- docs/requirements.txt | 2 +- mkdocs.yml | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 329326ad360cf..b8d02762ed8f8 100644 --- a/Makefile +++ b/Makefile @@ -512,7 +512,7 @@ build-docs-local: .PHONY: build-docs build-docs: - docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} build + docker run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs build' .PHONY: serve-docs-local serve-docs-local: @@ -520,7 +520,7 @@ serve-docs-local: .PHONY: serve-docs serve-docs: - docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} serve -a 0.0.0.0:8000 + docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}/site:/site -w /site --entrypoint "" ${MKDOCS_DOCKER_IMAGE} python3 -m http.server --bind 0.0.0.0 8000 # Verify that kubectl can connect to your K8s cluster from Docker 
diff --git a/docs/requirements.txt b/docs/requirements.txt index bc395d2b3a0bd..f83fae49f0e7b 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,5 +1,5 @@ mkdocs==1.2.3 -mkdocs-material==7.1.7 +mkdocs-material==7.1.8 markdown_include==0.6.0 pygments==2.7.4 jinja2==3.0.3 diff --git a/mkdocs.yml b/mkdocs.yml index 053fa6370e07e..c3c294dcc3830 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,10 +1,11 @@ +extra: + analytics: + property: UA-105170809-2 + provider: google extra_css: - assets/versions.css extra_javascript: - assets/versions.js -google_analytics: -- UA-105170809-2 -- auto markdown_extensions: - markdown_include.include - codehilite From 085e05e5cfa91d138f3e2c2c6c6a30c3efd0e516 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 14 Nov 2022 10:22:43 -0500 Subject: [PATCH 048/304] [Bot] Update Snyk reports (#11282) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI 
Signed-off-by: emirot --- docs/snyk/index.md | 40 ++-- docs/snyk/master/argocd-iac-install.html | 2 +- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.35.3.html} | 10 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 90 +------ docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.3.11/argocd-iac-install.html | 2 +- .../v2.3.11/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.11/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 3 +- .../quay.io_argoproj_argocd_v2.3.11.html | 16 +- docs/snyk/v2.3.11/redis_6.2.7-alpine.html | 2 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.4.16 => v2.4.17}/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.17.html} | 226 +++++++++--------- .../redis_7.0.4-alpine.html | 2 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/{v2.5.1 => v2.5.2}/argocd-test.html | 2 +- ...ghcr.io_dexidp_dex_v2.35.3-distroless.html | 2 +- .../haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.2.html} | 226 +++++++++--------- .../redis_7.0.5-alpine.html | 2 +- 30 files changed, 304 insertions(+), 353 deletions(-) rename docs/snyk/{v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html => master/ghcr.io_dexidp_dex_v2.35.3.html} (97%) rename docs/snyk/{v2.4.16 => v2.4.17}/argocd-iac-install.html (99%) rename docs/snyk/{v2.4.16 => v2.4.17}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.4.16 => v2.4.17}/argocd-test.html (99%) rename docs/snyk/{master => v2.4.17}/ghcr.io_dexidp_dex_v2.35.3-distroless.html (99%) rename docs/snyk/{v2.4.16 => v2.4.17}/haproxy_2.0.29-alpine.html (99%) rename 
docs/snyk/{v2.4.16/quay.io_argoproj_argocd_v2.4.16.html => v2.4.17/quay.io_argoproj_argocd_v2.4.17.html} (96%) rename docs/snyk/{v2.4.16 => v2.4.17}/redis_7.0.4-alpine.html (99%) rename docs/snyk/{v2.5.1 => v2.5.2}/argocd-iac-install.html (99%) rename docs/snyk/{v2.5.1 => v2.5.2}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.5.1 => v2.5.2}/argocd-test.html (99%) rename docs/snyk/{v2.4.16 => v2.5.2}/ghcr.io_dexidp_dex_v2.35.3-distroless.html (99%) rename docs/snyk/{v2.5.1 => v2.5.2}/haproxy_2.6.2-alpine.html (99%) rename docs/snyk/{v2.5.1/quay.io_argoproj_argocd_v2.5.1.html => v2.5.2/quay.io_argoproj_argocd_v2.5.2.html} (96%) rename docs/snyk/{v2.5.1 => v2.5.2}/redis_7.0.5-alpine.html (99%) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index c44697e6dd7d8..916d948f27c85 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md 
@@ -15,38 +15,38 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 2 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 | -| [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 12 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 12 | | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.1 +### v2.5.2 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.1/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.1/argocd-test.html) | 0 | 0 | 3 | 0 | -| [dex:v2.35.3-distroless](v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.6.2-alpine](v2.5.1/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.1](v2.5.1/quay.io_argoproj_argocd_v2.5.1.html) | 0 | 0 | 4 | 12 | -| [redis:7.0.5-alpine](v2.5.1/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.5.1/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.1/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.2/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.2/argocd-test.html) | 0 | 0 | 3 | 0 | +| [dex:v2.35.3-distroless](v2.5.2/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.6.2-alpine](v2.5.2/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.2](v2.5.2/quay.io_argoproj_argocd_v2.5.2.html) | 0 | 0 | 4 | 12 | +| [redis:7.0.5-alpine](v2.5.2/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | +| 
[install.yaml](v2.5.2/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.2/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.4.16 +### v2.4.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.4.16/argocd-test.html) | 0 | 0 | 3 | 0 | -| [ui/yarn.lock](v2.4.16/argocd-test.html) | 0 | 0 | 3 | 0 | -| [dex:v2.35.3-distroless](v2.4.16/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | -| [haproxy:2.0.29-alpine](v2.4.16/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.16](v2.4.16/quay.io_argoproj_argocd_v2.4.16.html) | 0 | 0 | 4 | 12 | -| [redis:7.0.4-alpine](v2.4.16/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | -| [install.yaml](v2.4.16/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.4.16/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.4.17/argocd-test.html) | 0 | 0 | 3 | 0 | +| [ui/yarn.lock](v2.4.17/argocd-test.html) | 0 | 0 | 3 | 0 | +| [dex:v2.35.3-distroless](v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.0.29-alpine](v2.4.17/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.4.17](v2.4.17/quay.io_argoproj_argocd_v2.4.17.html) | 0 | 0 | 4 | 12 | +| [redis:7.0.4-alpine](v2.4.17/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.4.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.4.17/argocd-iac-namespace-install.html) | - | - | - | - | ### v2.3.11 diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 8043933e133dd..3e0e632af9b68 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:20:07 am

    +

    November 13th 2022, 12:17:45 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 0e165bfbce413..8e3f1d3f9495d 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:20:18 am

    +

    November 13th 2022, 12:17:56 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 7c660cdef27f4..282bceea72a39 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:18:17 am

    +

    November 13th 2022, 12:15:47 am

    Scanned the following paths: diff --git a/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html similarity index 97% rename from docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html rename to docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html index 8156e01398975..974273e70c53c 100644 --- a/docs/snyk/v2.5.1/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,19 +456,19 @@

    Snyk test report

    -

    November 6th 2022, 12:20:35 am

    +

    November 13th 2022, 12:15:59 am

    Scanned the following path:
      -
    • ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)
    • +
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    3 dependencies
    +
    14 dependencies
    @@ -477,8 +477,8 @@

    Snyk test report

    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.0-rc3/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.1/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    - - + +
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex
    Package Manager deb
    Path ghcr.io/dexidp/dex:v2.35.3/dexidp/dex
    Package Manager apk
    diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index 81eb578252c69..c0e541a739992 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:18:33 am

    +

    November 13th 2022, 12:16:05 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index becab4fa5848e..0d989f03ee144 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:18:55 am

    +

    November 13th 2022, 12:16:28 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    16 known vulnerabilities
    -
    87 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    86 vulnerable dependency paths
    162 dependencies
    @@ -559,7 +559,7 @@

    References

    -

    CVE-2022-3821

    +

    Off-by-one Error

    @@ -708,12 +708,17 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply to the upstream systemd package.

    +

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

    Remediation

    There is no fixed version for Ubuntu:22.04 systemd.

    References


    @@ -722,79 +727,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - - -

    CVE-2022-3715

    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index c72a9561a361b..7cc0ced083e09 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:19:00 am

    +

    November 13th 2022, 12:16:34 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-install.html b/docs/snyk/v2.3.11/argocd-iac-install.html index 2e3cb1be8f46e..652a7facdcb77 100644 --- a/docs/snyk/v2.3.11/argocd-iac-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:26:48 am

    +

    November 13th 2022, 12:24:38 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html index ea523157b8032..e5bda109c35e4 100644 --- a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:27:28 am

    +

    November 13th 2022, 12:25:19 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-test.html b/docs/snyk/v2.3.11/argocd-test.html index ecfc60402a6b7..7ecf031ffa43c 100644 --- a/docs/snyk/v2.3.11/argocd-test.html +++ b/docs/snyk/v2.3.11/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:24:52 am

    +

    November 13th 2022, 12:22:26 am

    Scanned the following paths: diff --git a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html index 2940998c38028..070bb1fd51215 100644 --- a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:24:56 am

    +

    November 13th 2022, 12:22:32 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html index 91c38b62b2dd7..29dfb20bc66d4 100644 --- a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:24:59 am

    +

    November 13th 2022, 12:22:35 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html index e8bde259b8056..9b8b6d58f8b07 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:25:13 am

    +

    November 13th 2022, 12:22:50 am

    Scanned the following path: @@ -3478,6 +3478,7 @@

    References

  • FEDORA
  • FEDORA
  • CONFIRM
  • +
  • FULLDISC

  • diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html index 9bb4fe050926a..d14288e8f68fa 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 6th 2022, 12:25:43 am

    +

    November 13th 2022, 12:23:30 am

    Scanned the following path: @@ -559,7 +559,7 @@

    References

    -

    CVE-2022-3821

    +

    Off-by-one Error

    @@ -708,12 +708,17 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply to the upstream systemd package.

    +

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

    Remediation

    There is no fixed version for Ubuntu:22.04 systemd.

    References


    @@ -774,10 +779,11 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package. + See How to fix? for Ubuntu:22.04 relevant versions.

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    Upgrade Ubuntu:22.04 sqlite3 to version 3.37.2-2ubuntu0.1 or higher.

    References


    @@ -1601,6 +1605,10 @@

    References

  • MISC
  • MISC
  • MISC
  • +
  • MLIST
  • +
  • FULLDISC
  • +
  • MISC
  • +
  • CONFIRM

  • @@ -7145,6 +7153,7 @@

    References

  • MLIST
  • MLIST
  • FULLDISC
  • +
  • CONFIRM

  • diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html index d14288e8f68fa..34bcd8e7894cc 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html +++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:23:30 am

    +

    December 11th 2022, 12:23:32 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    16 known vulnerabilities
    -
    87 vulnerable dependency paths
    +
    18 known vulnerabilities
    +
    89 vulnerable dependency paths
    162 dependencies
    @@ -485,79 +485,6 @@

    Snyk test report

    -
    -

    CVE-2022-42800

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - zlib/zlib1g -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.3.11, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 - - meta-common-packages@meta - - zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream zlib package.

    -

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 zlib.

    -

    References

    - - -
    - - - -

    Off-by-one Error

    @@ -719,6 +646,7 @@

    References

  • MISC
  • MISC
  • MISC
  • +
  • FEDORA

  • @@ -803,7 +731,7 @@

    References

    -

    CVE-2022-3715

    +

    Use After Free

    @@ -819,13 +747,13 @@

    CVE-2022-3715

  • Vulnerable module: - bash + expat/libexpat1
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others
  • @@ -839,7 +767,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.3.11 - bash@5.1-6ubuntu1 + git@1:2.34.1-1ubuntu1.5 + + expat/libexpat1@2.4.7-1 @@ -851,18 +781,181 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply to the upstream expat package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 bash.

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.1 or higher.

    References


    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + expat/libexpat1 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + git@1:2.34.1-1ubuntu1.5 + + expat/libexpat1@2.4.7-1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream expat package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Insufficient Verification of Data Authenticity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + ca-certificates +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.3.11 and ca-certificates@20211016 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + ca-certificates@20211016 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream ca-certificates package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 ca-certificates to version 20211016ubuntu0.22.04.1 or higher.

    +

    References

    + + +
    + +
    @@ -946,10 +1039,11 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package.

    +

    Note: Versions mentioned in the description apply to the upstream shadow package. + See How to fix? for Ubuntu:22.04 relevant versions.

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.1 or higher.

    References

    • ADVISORY
    • @@ -2421,6 +2515,70 @@

      References

    +
    +

    CVE-2022-3715

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.3.11 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.11 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html index b926ef79c70c8..35ea6a87a9e6a 100644 --- a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:23:36 am

    +

    December 11th 2022, 12:23:38 am

    Scanned the following path: @@ -468,7 +468,7 @@

    Snyk test report

    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    17 dependencies
    +
    18 dependencies
    diff --git a/docs/snyk/v2.4.17/argocd-iac-install.html b/docs/snyk/v2.4.17/argocd-iac-install.html index c83430081f17d..ce7b3954b2ef1 100644 --- a/docs/snyk/v2.4.17/argocd-iac-install.html +++ b/docs/snyk/v2.4.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:22:02 am

    +

    December 11th 2022, 12:22:10 am

    Scanned the following path: @@ -500,14 +500,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[0] resources
  • +
  • + Line number: 9063 +

  • @@ -545,14 +546,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 11] - role - rules[4] resources
  • +
  • + Line number: 9140 +

  • @@ -590,14 +592,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 12] - role - rules[0] resources
  • +
  • + Line number: 9168 +

  • @@ -635,14 +638,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 13] - role - rules[3] resources
  • +
  • + Line number: 9212 +

  • @@ -680,14 +684,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 13] - role - rules[1] resources
  • +
  • + Line number: 9194 +

  • @@ -725,14 +730,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 14] - role - rules[0] resources
  • +
  • + Line number: 9228 +

  • diff --git a/docs/snyk/v2.4.17/argocd-iac-namespace-install.html b/docs/snyk/v2.4.17/argocd-iac-namespace-install.html index bb9b9090b9ea1..47797491c2f83 100644 --- a/docs/snyk/v2.4.17/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:22:13 am

    +

    December 11th 2022, 12:22:20 am

    Scanned the following path: @@ -500,14 +500,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 7] - role - rules[0] resources
  • +
  • + Line number: 73 +

  • @@ -545,14 +546,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 8] - role - rules[4] resources
  • +
  • + Line number: 150 +

  • @@ -590,14 +592,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 9] - role - rules[0] resources
  • +
  • + Line number: 178 +

  • @@ -635,14 +638,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[3] resources
  • +
  • + Line number: 222 +

  • @@ -680,14 +684,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[1] resources
  • +
  • + Line number: 204 +

  • @@ -725,14 +730,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 11] - role - rules[0] resources
  • +
  • + Line number: 238 +

  • diff --git a/docs/snyk/v2.4.17/argocd-test.html b/docs/snyk/v2.4.17/argocd-test.html index 184dc371fc3a9..95ce60e321cb2 100644 --- a/docs/snyk/v2.4.17/argocd-test.html +++ b/docs/snyk/v2.4.17/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:21 am

    +

    December 11th 2022, 12:20:28 am

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    11 vulnerable dependency paths
    +
    10 known vulnerabilities
    +
    133 vulnerable dependency paths
    1648 dependencies
    @@ -476,6 +476,2371 @@

    Snyk test report

    +
    +

    Prototype Poisoning

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + qs +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@3.8.3 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@3.8.3 + + qs@6.10.1 + + + +
    • +
    • + Introduced through: + argo-cd-ui@1.0.0 + + git-url-parse@11.6.0 + + git-up@4.0.5 + + parse-url@6.0.5 + + parse-path@4.0.4 + + qs@6.10.1 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    qs is a querystring parser that supports nesting and arrays, with a depth limit.

    +

    Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.

    +

    Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade qs to version 6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.23.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/soheilhy/cmux@0.1.5 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/auth@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.23.1 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.23.1 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.23.1 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/auth@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.23.1 + + k8s.io/client-go/tools/remotecommand@0.23.1 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.45.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.45.0 + + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@0.7.3 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/auth@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/resource@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.23.1 + + k8s.io/client-go/tools/reference@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.23.1 + + k8s.io/client-go/pkg/apis/clientauthentication@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.23.1 + + k8s.io/apimachinery/pkg/api/errors@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.23.1 + + k8s.io/api/core/v1@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@0.7.3 + + k8s.io/kubectl/pkg/util/podutils@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.23.1 + + k8s.io/api/core/v1@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.23.1 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.23.1 + + k8s.io/client-go/testing@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.23.1 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/tools/pager@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.23.1 + + k8s.io/client-go/tools/remotecommand@0.23.1 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 + + github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@0.7.3 + + k8s.io/client-go/kubernetes/scheme@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + decode-uri-component +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + git-url-parse@11.6.0 + + git-up@4.0.5 + + parse-url@6.0.5 + + parse-path@4.0.4 + + query-string@6.14.1 + + decode-uri-component@0.2.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation, when the hash string # kun%ea%ba%5a%ba is being parsed by decodeUriComponent.

    +

    PoC

    +
    const decodeUriComponent = require('decode-uri-component');
    +        
    +        var x = decodeUriComponent('%ea%ba%5a%ba');
    +        
    +        console.log(x);
    +        
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade decode-uri-component to version 0.2.2 or higher.

    +

    References

    + + +
    + + + +

    Server-side Request Forgery (SSRF)

    @@ -1113,6 +3478,111 @@

    References

    +
    +

    Insecure Randomness

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/Masterminds/goutils +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/argoproj/notifications-engine/pkg/api@#567361917320 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + github.com/argoproj/notifications-engine/pkg/templates@#567361917320 + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + github.com/argoproj/notifications-engine/pkg/templates@#567361917320 + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#567361917320 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + github.com/argoproj/notifications-engine/pkg/templates@#567361917320 + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    github.com/masterminds/goutils is a provides users with utility functions to manipulate strings in various ways.

    +

    Affected versions of this package are vulnerable to Insecure Randomness when randomly-generated alphanumeric strings contain significantly less entropy than expected, the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

    +

    Remediation

    +

    Upgrade github.com/masterminds/goutils to version 1.1.1 or higher.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    index eee921b8c7af6..3d49eb60e77be 100644
    --- a/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    +++ b/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:26 am

    +

    December 11th 2022, 12:20:37 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html
    index 2f3ea3addecaf..289431d7a50f2 100644
    --- a/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html
    +++ b/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:31 am

    +

    December 11th 2022, 12:20:44 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html b/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html index e801aebe2ab36..607324adc09de 100644 --- a/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html +++ b/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:53 am

    +

    December 11th 2022, 12:21:06 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    16 known vulnerabilities
    -
    87 vulnerable dependency paths
    +
    18 known vulnerabilities
    +
    89 vulnerable dependency paths
    162 dependencies
    @@ -485,79 +485,6 @@

    Snyk test report

    -
    -

    CVE-2022-42800

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - zlib/zlib1g -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.17, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 - - meta-common-packages@meta - - zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream zlib package.

    -

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 zlib.

    -

    References

    - - -
    - - - -

    Off-by-one Error

    @@ -719,6 +646,7 @@

    References

  • MISC
  • MISC
  • MISC
  • +
  • FEDORA

  • @@ -803,7 +731,7 @@

    References

    -

    CVE-2022-3715

    +

    Use After Free

    @@ -819,13 +747,13 @@

    CVE-2022-3715

  • Vulnerable module: - bash + expat/libexpat1
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.17, git@1:2.34.1-1ubuntu1.5 and others
  • @@ -839,7 +767,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.4.17 - bash@5.1-6ubuntu1 + git@1:2.34.1-1ubuntu1.5 + + expat/libexpat1@2.4.7-1 @@ -851,18 +781,181 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply to the upstream expat package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 bash.

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.1 or higher.

    References


    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + expat/libexpat1 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.17, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.17 + + git@1:2.34.1-1ubuntu1.5 + + expat/libexpat1@2.4.7-1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream expat package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.2 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Insufficient Verification of Data Authenticity

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + ca-certificates +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.4.17 and ca-certificates@20211016 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.17 + + ca-certificates@20211016 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream ca-certificates package. + See How to fix? for Ubuntu:22.04 relevant versions.

    +

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 ca-certificates to version 20211016ubuntu0.22.04.1 or higher.

    +

    References

    + + +
    + +
    @@ -946,10 +1039,11 @@

    Detailed paths


    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package.

    +

    Note: Versions mentioned in the description apply to the upstream shadow package. + See How to fix? for Ubuntu:22.04 relevant versions.

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.1 or higher.

    References

    • ADVISORY
    • @@ -2421,6 +2515,70 @@

      References

    +
    +

    CVE-2022-3715

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.4.17 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.17 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.4.17/redis_7.0.4-alpine.html b/docs/snyk/v2.4.17/redis_7.0.4-alpine.html
    index bab2bddb8912d..291d217e31669 100644
    --- a/docs/snyk/v2.4.17/redis_7.0.4-alpine.html
    +++ b/docs/snyk/v2.4.17/redis_7.0.4-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:59 am

    +

    December 11th 2022, 12:21:12 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.2/argocd-test.html b/docs/snyk/v2.5.2/argocd-test.html deleted file mode 100644 index 7aedc6758f61e..0000000000000 --- a/docs/snyk/v2.5.2/argocd-test.html +++ /dev/null @@ -1,1000 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    November 13th 2022, 12:18:10 am

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
    • -
    -
    - -
    -
    5 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    1721 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/go-openapi/runtime/middleware@0.19.4 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsoncodec@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

    -

    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Insecure Randomness

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/Masterminds/goutils -
    • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Masterminds/sprig@2.22.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Masterminds/sprig@2.22.0 - - github.com/Masterminds/goutils@1.1.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f - - github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f - - github.com/Masterminds/sprig@2.22.0 - - github.com/Masterminds/goutils@1.1.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f - - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f - - github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f - - github.com/Masterminds/sprig@2.22.0 - - github.com/Masterminds/goutils@1.1.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f - - github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f - - github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f - - github.com/Masterminds/sprig@2.22.0 - - github.com/Masterminds/goutils@1.1.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    github.com/masterminds/goutils is a provides users with utility functions to manipulate strings in various ways.

    -

    Affected versions of this package are vulnerable to Insecure Randomness via the RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) functions. Small values of int in the functions above will return a smaller subset of results than they should. For example, RandomAlphaNumeric(1) would always return a digit in the 0-9 range, while RandomAlphaNumeric(4) return around ~7 million of the ~13M possible permutations.

    -

    Remediation

    -

    Upgrade github.com/masterminds/goutils to version 1.1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.2/argocd-iac-install.html b/docs/snyk/v2.5.4/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.5.2/argocd-iac-install.html rename to docs/snyk/v2.5.4/argocd-iac-install.html index 1498a28d193d1..2a0c9ee17d981 100644 --- a/docs/snyk/v2.5.2/argocd-iac-install.html +++ b/docs/snyk/v2.5.4/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:19:49 am

    +

    December 11th 2022, 12:19:55 am

    Scanned the following path: @@ -500,14 +500,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[0] resources
  • +
  • + Line number: 9318 +

  • @@ -545,14 +546,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 11] - role - rules[4] resources
  • +
  • + Line number: 9395 +

  • @@ -590,14 +592,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 12] - role - rules[0] resources
  • +
  • + Line number: 9423 +

  • @@ -635,14 +638,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 13] - role - rules[3] resources
  • +
  • + Line number: 9467 +

  • @@ -680,14 +684,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 13] - role - rules[1] resources
  • +
  • + Line number: 9449 +

  • @@ -725,14 +730,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 14] - role - rules[0] resources
  • +
  • + Line number: 9483 +

  • diff --git a/docs/snyk/v2.5.2/argocd-iac-namespace-install.html b/docs/snyk/v2.5.4/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.5.2/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.4/argocd-iac-namespace-install.html index c74fded23b2c0..cb15012bf5b04 100644 --- a/docs/snyk/v2.5.2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.4/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:20:00 am

    +

    December 11th 2022, 12:20:08 am

    Scanned the following path: @@ -500,14 +500,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 7] - role - rules[0] resources
  • +
  • + Line number: 77 +

  • @@ -545,14 +546,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 8] - role - rules[4] resources
  • +
  • + Line number: 154 +

  • @@ -590,14 +592,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 9] - role - rules[0] resources
  • +
  • + Line number: 182 +

  • @@ -635,14 +638,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[3] resources
  • +
  • + Line number: 226 +

  • @@ -680,14 +684,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 10] - role - rules[1] resources
  • +
  • + Line number: 208 +

  • @@ -725,14 +730,15 @@

    Role with dangerous permissions

  • Introduced through: [DocId: 11] - role - rules[0] resources
  • +
  • + Line number: 242 +

  • diff --git a/docs/snyk/v2.5.4/argocd-test.html b/docs/snyk/v2.5.4/argocd-test.html new file mode 100644 index 0000000000000..4be4d1f969d5f --- /dev/null +++ b/docs/snyk/v2.5.4/argocd-test.html @@ -0,0 +1,3396 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 11th 2022, 12:18:12 am

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
    • +
    +
    + +
    +
    8 known vulnerabilities
    +
    131 vulnerable dependency paths
    +
    1721 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Prototype Poisoning

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + qs +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + git-url-parse@11.6.0 + + git-up@4.0.5 + + parse-url@6.0.5 + + parse-path@4.0.4 + + qs@6.10.1 + + + +
    • +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@7.1.6 + + formidable@2.0.1 + + qs@6.9.3 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    qs is a querystring parser that supports nesting and arrays, with a depth limit.

    +

    Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.

    +

    Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade qs to version 6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.24.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/soheilhy/cmux@0.1.5 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.6.3 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.24.2 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.45.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.45.0 + + google.golang.org/grpc/health/grpc_health_v1@1.45.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/resource@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#98ccd3d43fd9 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.24.2 + + k8s.io/client-go/tools/reference@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + + k8s.io/client-go/pkg/apis/clientauthentication@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.24.2 + + k8s.io/apimachinery/pkg/api/errors@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.24.2 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/podutils@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.24.2 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.24.2 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9 + + k8s.io/kubernetes/pkg/apis/storage/install@1.24.2 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.24.2 + + k8s.io/kubernetes/pkg/apis/storage@1.24.2 + + k8s.io/kubernetes/pkg/apis/core@1.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Server-side Request Forgery (SSRF)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + git-url-parse@11.6.0 + + git-up@4.0.5 + + parse-url@6.0.5 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    PoC:

    +
    import parseUrl from "parse-url";
    +        import fetch from 'node-fetch';
    +        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    +        if(parsed.resource=="localhost"){
    +        console.log("internal network access is blocked")
    +        }
    +        else{
    +           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    +                console.log(response)
    +         }
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + git-url-parse@11.6.0 + + git-up@4.0.5 + + parse-url@6.0.5 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    +
    
    +        const parseUrl = require("parse-url");
    +        const Url = require("url");
    +        
    +        const express = require('express');
    +        const app = express();
    +        
    +        var url = "https://www.google.com:x@fakesite.com:x";
    +        parsed = parseUrl(url);
    +        console.log("[*]`parse-url` output: ")
    +        console.log(parsed);
    +        
    +        parsed2 = Url.parse(url);
    +        console.log("[*]`url` output: ")
    +        console.log(parsed2)
    +        
    +        app.get('/', (req, res) => {
    +            if (parsed.host == "www.google.com") {
    +                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    +            }
    +        })
    +        
    +        app.listen(8888,"0.0.0.0");
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + minimatch +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + redoc@2.0.0-rc.64 + + @redocly/openapi-core@1.0.0-beta.82 + + minimatch@3.0.4 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    minimatch is a minimal matching utility.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade minimatch to version 3.0.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + go.mongodb.org/mongo-driver/bson/bsonrw +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/go-openapi/runtime/middleware@0.19.4 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-openapi/runtime/middleware@0.19.4 + + github.com/go-openapi/validate@0.19.5 + + github.com/go-openapi/strfmt@0.19.3 + + go.mongodb.org/mongo-driver/bson@1.1.2 + + go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-openapi/runtime/middleware@0.19.4 + + github.com/go-openapi/validate@0.19.5 + + github.com/go-openapi/strfmt@0.19.3 + + go.mongodb.org/mongo-driver/bson@1.1.2 + + go.mongodb.org/mongo-driver/bson/bsoncodec@1.1.2 + + go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

    +

    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    +

    Remediation

    +

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Insecure Randomness

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/Masterminds/goutils +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Masterminds/sprig@2.22.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    github.com/masterminds/goutils is a provides users with utility functions to manipulate strings in various ways.

    +

    Affected versions of this package are vulnerable to Insecure Randomness via the RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) functions. Small values of int in the functions above will return a smaller subset of results than they should. For example, RandomAlphaNumeric(1) would always return a digit in the 0-9 range, while RandomAlphaNumeric(4) return around ~7 million of the ~13M possible permutations.

    +

    Remediation

    +

    Upgrade github.com/masterminds/goutils to version 1.1.1 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Insecure Randomness

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/Masterminds/goutils +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Masterminds/sprig@2.22.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f + + github.com/argoproj/notifications-engine/pkg/templates@#4d8552b0775f + + github.com/Masterminds/sprig@2.22.0 + + github.com/Masterminds/goutils@1.1.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    github.com/masterminds/goutils is a provides users with utility functions to manipulate strings in various ways.

    +

    Affected versions of this package are vulnerable to Insecure Randomness when randomly-generated alphanumeric strings contain significantly less entropy than expected, the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

    +

    Remediation

    +

    Upgrade github.com/masterminds/goutils to version 1.1.1 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + +
    diff --git a/docs/snyk/v2.5.2/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html
    similarity index 97%
    rename from docs/snyk/v2.5.2/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    rename to docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html
    index 99b71bae68dc4..05fbac446368b 100644
    --- a/docs/snyk/v2.5.2/ghcr.io_dexidp_dex_v2.35.3-distroless.html
    +++ b/docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html
    @@ -456,19 +456,19 @@

    Snyk test report

    -

    November 13th 2022, 12:18:18 am

    +

    December 11th 2022, 12:18:16 am

    Scanned the following path:
      -
    • ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)
    • +
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    3 dependencies
    +
    14 dependencies
    @@ -477,8 +477,8 @@

    Snyk test report

    - - + +
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex
    Package Manager deb
    Path ghcr.io/dexidp/dex:v2.35.3/dexidp/dex
    Package Manager apk
    diff --git a/docs/snyk/v2.5.2/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html
    similarity index 99%
    rename from docs/snyk/v2.5.2/haproxy_2.6.2-alpine.html
    rename to docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html
    index e5127297b1cf6..3b78fccb4f957 100644
    --- a/docs/snyk/v2.5.2/haproxy_2.6.2-alpine.html
    +++ b/docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:18:21 am

    +

    December 11th 2022, 12:18:19 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.5.2/quay.io_argoproj_argocd_v2.5.2.html b/docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html
    similarity index 87%
    rename from docs/snyk/v2.5.2/quay.io_argoproj_argocd_v2.5.2.html
    rename to docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html
    index 1576c620cab74..4b1a61a7c71ad 100644
    --- a/docs/snyk/v2.5.2/quay.io_argoproj_argocd_v2.5.2.html
    +++ b/docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html
    @@ -7,7 +7,7 @@ Snyk test report - +
    @@ -456,18 +456,18 @@

    Snyk test report

    -

    November 13th 2022, 12:18:41 am

    +

    December 11th 2022, 12:18:50 am

    Scanned the following path:
      -
    • quay.io/argoproj/argocd:v2.5.2/argoproj/argocd (deb)
    • +
    • quay.io/argoproj/argocd:v2.5.4/argoproj/argocd (deb)
    -
    16 known vulnerabilities
    -
    87 vulnerable dependency paths
    +
    13 known vulnerabilities
    +
    81 vulnerable dependency paths
    162 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + @@ -485,79 +485,6 @@

    Snyk test report

    -
    -

    CVE-2022-42800

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - zlib/zlib1g -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.2, meta-common-packages@meta and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - meta-common-packages@meta - - zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream zlib package.

    -

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 zlib.

    -

    References

    - - -
    - - - -

    Off-by-one Error

    @@ -580,7 +507,7 @@

    Off-by-one Error

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and systemd/libsystemd0@249.11-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.5.4 and systemd/libsystemd0@249.11-0ubuntu3.6
  • @@ -593,7 +520,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 systemd/libsystemd0@249.11-0ubuntu3.6 @@ -602,7 +529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 apt@2.4.8 @@ -613,7 +540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -624,7 +551,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 util-linux@2.37.2-4ubuntu3 @@ -635,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -646,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 apt@2.4.8 @@ -659,7 +586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 systemd/libudev1@249.11-0ubuntu3.6 @@ -668,7 +595,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 libfido2/libfido2-1@1.10.0-1 @@ -679,7 +606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 util-linux@2.37.2-4ubuntu3 @@ -690,7 +617,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 apt@2.4.8 @@ -719,6 +646,7 @@

      References

    • MISC
    • MISC
    • MISC
    • +
    • FEDORA

    @@ -727,245 +655,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Improper Validation of Array Index

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
    • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.2, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream sqlite3 package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 sqlite3 to version 3.37.2-2ubuntu0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2022-3715

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - bash -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.2 and bash@5.1-6ubuntu1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - bash@5.1-6ubuntu1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 bash.

    -

    References

    - - -
    - - - -
    -
    -

    Time-of-check Time-of-use (TOCTOU)

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - shadow/passwd -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.2 and shadow/passwd@1:4.8.1-2ubuntu2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - openssh/openssh-client@1:8.9p1-3 - - shadow/passwd@1:4.8.1-2ubuntu2 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 - - shadow/login@1:4.8.1-2ubuntu2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package.

    -

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - - -

    Uncontrolled Recursion

    @@ -989,7 +678,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.4 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
  • @@ -1002,7 +691,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1011,7 +700,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 grep@3.7-1build1 @@ -1070,7 +759,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.4 and patch@2.7.6-7build2
    @@ -1083,7 +772,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 patch@2.7.6-7build2 @@ -1136,7 +825,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.4 and patch@2.7.6-7build2
    @@ -1149,7 +838,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 patch@2.7.6-7build2 @@ -1207,7 +896,7 @@

      CVE-2021-41617

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.4 and openssh/openssh-client@1:8.9p1-3
    @@ -1220,7 +909,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 openssh/openssh-client@1:8.9p1-3 @@ -1283,7 +972,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.4 and openssh/openssh-client@1:8.9p1-3
    @@ -1296,7 +985,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 openssh/openssh-client@1:8.9p1-3 @@ -1356,7 +1045,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.4 and ncurses/libtinfo6@6.3-2
    @@ -1369,7 +1058,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/libtinfo6@6.3-2 @@ -1378,7 +1067,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 bash@5.1-6ubuntu1 @@ -1389,7 +1078,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/libncursesw6@6.3-2 @@ -1400,7 +1089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 less@590-1build1 @@ -1411,7 +1100,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 libedit/libedit2@3.1-20210910-1build1 @@ -1422,7 +1111,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/libncurses6@6.3-2 @@ -1433,7 +1122,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/ncurses-bin@6.3-2 @@ -1444,7 +1133,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 procps@2:3.3.17-6ubuntu2 @@ -1455,7 +1144,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 util-linux@2.37.2-4ubuntu3 @@ -1466,7 +1155,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1481,7 +1170,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1496,7 +1185,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/libncursesw6@6.3-2 @@ -1505,7 +1194,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 procps@2:3.3.17-6ubuntu2 @@ -1516,7 +1205,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1531,7 +1220,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/libncurses6@6.3-2 @@ -1540,7 +1229,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 procps@2:3.3.17-6ubuntu2 @@ -1551,7 +1240,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/ncurses-base@6.3-2 @@ -1560,7 +1249,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 ncurses/ncurses-bin@6.3-2 @@ -1617,7 +1306,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.5.4 and krb5/libk5crypto3@1.19.2-2
    @@ -1630,7 +1319,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 krb5/libk5crypto3@1.19.2-2 @@ -1639,11 +1328,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1660,11 +1349,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1683,7 +1372,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 krb5/libkrb5-3@1.19.2-2 @@ -1692,11 +1381,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1713,7 +1402,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 krb5/libgssapi-krb5-2@1.19.2-2 @@ -1722,7 +1411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 openssh/openssh-client@1:8.9p1-3 @@ -1733,7 +1422,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 git@1:2.34.1-1ubuntu1.5 @@ -1746,7 +1435,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 git@1:2.34.1-1ubuntu1.5 @@ -1761,11 +1450,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1780,7 +1469,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 meta-common-packages@meta @@ -1838,7 +1527,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.4 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -1851,7 +1540,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -1860,7 +1549,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 apt@2.4.8 @@ -1871,7 +1560,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1882,7 +1571,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1893,7 +1582,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1904,7 +1593,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1917,7 +1606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1930,7 +1619,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1939,7 +1628,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1950,7 +1639,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1963,7 +1652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -1972,7 +1661,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1983,7 +1672,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -1992,7 +1681,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2003,7 +1692,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2012,7 +1701,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2023,7 +1712,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2036,7 +1725,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2049,7 +1738,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2058,7 +1747,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2069,7 +1758,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2082,7 +1771,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2095,7 +1784,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2104,7 +1793,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2115,7 +1804,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2124,7 +1813,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2135,7 +1824,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2144,7 +1833,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2155,7 +1844,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2206,7 +1895,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.4 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2219,7 +1908,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2228,7 +1917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 meta-common-packages@meta @@ -2286,7 +1975,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2, git@1:2.34.1-1ubuntu1.5 and others + docker-image|quay.io/argoproj/argocd@v2.5.4, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2298,7 +1987,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 git@1:2.34.1-1ubuntu1.5 @@ -2309,7 +1998,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 git@1:2.34.1-1ubuntu1.5 @@ -2318,7 +2007,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 git-lfs@3.0.2-1 @@ -2374,7 +2063,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.4 and coreutils@8.32-4.1ubuntu1
    @@ -2387,7 +2076,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.2 + docker-image|quay.io/argoproj/argocd@v2.5.4 coreutils@8.32-4.1ubuntu1 @@ -2421,6 +2110,70 @@

      References

    +
    +

    CVE-2022-3715

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.4 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.4 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + + +
    diff --git a/docs/snyk/v2.5.2/redis_7.0.5-alpine.html b/docs/snyk/v2.5.4/redis_7.0.5-alpine.html similarity index 99% rename from docs/snyk/v2.5.2/redis_7.0.5-alpine.html rename to docs/snyk/v2.5.4/redis_7.0.5-alpine.html index 317ab91564871..2bd3b01d8d62a 100644 --- a/docs/snyk/v2.5.2/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.4/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 13th 2022, 12:18:45 am

    +

    December 11th 2022, 12:18:53 am

    Scanned the following path: @@ -468,7 +468,7 @@

    Snyk test report

    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    17 dependencies
    +
    18 dependencies
    From f58eb79e8bf76f5d0ac7f85187acf750b6c13b05 Mon Sep 17 00:00:00 2001 From: Soumya Ghosh Dastidar <44349253+gdsoumya@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:01:06 +0530 Subject: [PATCH 174/304] feat: show cmpv2 plugins in create app wizard (#11615) * feat: show cmpv2 plugins in create app wizard Signed-off-by: Soumya Ghosh Dastidar * fix: fixed doc formatting and sidecar plugin info Signed-off-by: Soumya Ghosh Dastidar * feat: updated plugin info Signed-off-by: Soumya Ghosh Dastidar Signed-off-by: Soumya Ghosh Dastidar Signed-off-by: emirot --- docs/user-guide/config-management-plugins.md | 103 +-- .../mocks/RepoServerServiceClient.go | 32 + reposerver/apiclient/repository.pb.go | 658 ++++++++++++++---- reposerver/repository/repository.go | 22 + reposerver/repository/repository.proto | 14 + server/server.go | 2 +- server/settings/settings.go | 36 +- 7 files changed, 688 insertions(+), 179 deletions(-) diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md index c4642812b5d94..6dcbe14c7f14b 100644 --- a/docs/user-guide/config-management-plugins.md +++ b/docs/user-guide/config-management-plugins.md @@ -263,7 +263,7 @@ spec: ``` !!! note -The `discover.command` command only has access to the above environment starting with v2.4. + The `discover.command` command only has access to the above environment starting with v2.4. Before reaching the `init.command`, `generate.command`, and `discover.command` commands, Argo CD prefixes all user-supplied environment variables (#3 above) with `ARGOCD_ENV_`. This prevents users from directly setting 
@@ -275,36 +275,36 @@ for 2.4. 4. (Starting in v2.4) Parameters in the Application spec: - ```yaml - apiVersion: argoproj.io/v1alpha1 - kind: Application - spec: - source: - plugin: - parameters: - - name: values-files - array: [values-dev.yaml] - - name: helm-parameters - map: - image.tag: v1.2.3 - ``` - - The parameters are available as JSON in the `ARGOCD_APP_PARAMETERS` environment variable. The example above would - produce this JSON: - - ```json - [{"name": "values-files", "array": ["values-dev.yaml"]}, {"name": "helm-parameters", "map": {"image.tag": "v1.2.3"}}] - ``` - - !!! note - Parameter announcements, even if they specify defaults, are _not_ sent to the plugin in `ARGOCD_APP_PARAMETERS`. - Only parameters explicitly set in the Application spec are sent to the plugin. It is up to the plugin to apply - the same defaults as the ones announced to the UI. - - The same parameters are also available as individual environment variables. The names of the environment variables - follows this convention: - - ```yaml +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +spec: + source: + plugin: + parameters: + - name: values-files + array: [values-dev.yaml] + - name: helm-parameters + map: + image.tag: v1.2.3 +``` + +The parameters are available as JSON in the `ARGOCD_APP_PARAMETERS` environment variable. The example above would +produce this JSON: + +```json +[{"name": "values-files", "array": ["values-dev.yaml"]}, {"name": "helm-parameters", "map": {"image.tag": "v1.2.3"}}] +``` + +!!! note + Parameter announcements, even if they specify defaults, are _not_ sent to the plugin in `ARGOCD_APP_PARAMETERS`. + Only parameters explicitly set in the Application spec are sent to the plugin. It is up to the plugin to apply + the same defaults as the ones announced to the UI. + +The same parameters are also available as individual environment variables. 
The names of the environment variables +follows this convention: + +```yaml - name: some-string-param string: some-string-value # PARAM_SOME_STRING_PARAM=some-string-value @@ -318,11 +318,11 @@ for 2.4. map: image.tag: v1.2.3 # PARAM_SOME_MAP_PARAM_IMAGE_TAG=v1.2.3 - ``` +``` -!!! warning Sanitize/escape user input -As part of Argo CD's manifest generation system, config management plugins are treated with a level of trust. Be -sure to escape user input in your plugin to prevent malicious input from causing unwanted behavior. +!!! warning + Sanitize/escape user input. As part of Argo CD's manifest generation system, config management plugins are treated with a level of trust. Be + sure to escape user input in your plugin to prevent malicious input from causing unwanted behavior. ## Using a config management plugin with an Application @@ -446,9 +446,9 @@ spec: args: ["sample args"] ``` -!!!note -The `lockRepo` key is not relevant for sidecar plugins, because sidecar plugins do not share a single source repo -directory when generating manifests. +!!! note + The `lockRepo` key is not relevant for sidecar plugins, because sidecar plugins do not share a single source repo + directory when generating manifests. ### 2. Write discovery rules for your plugin 
@@ -457,20 +457,21 @@ Sidecar plugins use discovery rules instead of a plugin name to match Applicatio Write rules applicable to your plugin [using the instructions above](#1-write-the-plugin-configuration-file) and add them to your configuration file. -!!!important -After installing your sidecar plugin, you'll need to remove the `name` field from the plugin config in your -Application specs. For example: +!!! note + After installing your sidecar plugin, you may remove the `name` field from the plugin config in your + Application specs for auto-discovery or update the name to `-` + if version was mentioned in the `ConfigManagementPlugin` spec or else just use ``. For example: - ```yaml - apiVersion: argoproj.io/v1alpha1 - kind: Application - metadata: - name: guestbook - spec: - source: - plugin: - name: pluginName # Delete this (and set `plugin: {}` if `name` was the only value). - ``` +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: guestbook +spec: + source: + plugin: + name: pluginName # Delete this for auto-discovery (and set `plugin: {}` if `name` was the only value) or use proper sidecar plugin name +``` ### 3. Make sure the plugin has access to the tools it needs diff --git a/reposerver/apiclient/mocks/RepoServerServiceClient.go b/reposerver/apiclient/mocks/RepoServerServiceClient.go index d84edf791147c..fa8a8f295a2fe 100644 --- a/reposerver/apiclient/mocks/RepoServerServiceClient.go +++ b/reposerver/apiclient/mocks/RepoServerServiceClient.go @@ -7,6 +7,8 @@ import ( apiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + emptypb "google.golang.org/protobuf/types/known/emptypb" + grpc "google.golang.org/grpc" mock "github.com/stretchr/testify/mock" 
@@ -199,6 +201,36 @@ func (_m *RepoServerServiceClient) ListApps(ctx context.Context, in *apiclient.L return r0, r1 } +// ListPlugins provides a mock function with given fields: ctx, in, opts +func (_m *RepoServerServiceClient) ListPlugins(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*apiclient.PluginList, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, in) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *apiclient.PluginList + if rf, ok := ret.Get(0).(func(context.Context, *emptypb.Empty, ...grpc.CallOption) *apiclient.PluginList); ok { + r0 = rf(ctx, in, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*apiclient.PluginList) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *emptypb.Empty, ...grpc.CallOption) error); ok { + r1 = rf(ctx, in, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // ListRefs provides a mock function with given fields: ctx, in, opts func (_m *RepoServerServiceClient) ListRefs(ctx context.Context, in *apiclient.ListRefsRequest, opts ...grpc.CallOption) (*apiclient.Refs, error) { _va := make([]interface{}, len(opts)) diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 4c866ac54793f..83f0a12ae8bfa 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -11,6 +11,7 @@ import ( grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" io "io" math "math" math_bits "math/bits" 
@@ -941,6 +942,101 @@ func (m *AppList) GetApps() map[string]string { return nil } +type PluginInfo struct { + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PluginInfo) Reset() { *m = PluginInfo{} } +func (m *PluginInfo) String() string { return proto.CompactTextString(m) } +func (*PluginInfo) ProtoMessage() {} +func (*PluginInfo) Descriptor() ([]byte, []int) { + return fileDescriptor_dd8723cfcc820480, []int{13} +} +func (m *PluginInfo) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PluginInfo.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PluginInfo) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginInfo.Merge(m, src) +} +func (m *PluginInfo) XXX_Size() int { + return m.Size() +} +func (m *PluginInfo) XXX_DiscardUnknown() { + xxx_messageInfo_PluginInfo.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginInfo proto.InternalMessageInfo + +func (m *PluginInfo) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +// PluginList returns the list of all cmp v2 plugins running as sidecars +type PluginList struct { + Items []*PluginInfo `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PluginList) Reset() { *m = PluginList{} } +func (m *PluginList) String() string { return proto.CompactTextString(m) } +func (*PluginList) ProtoMessage() {} +func (*PluginList) Descriptor() ([]byte, []int) { + return fileDescriptor_dd8723cfcc820480, []int{14} +} +func (m *PluginList) XXX_Unmarshal(b []byte) error 
{ + return m.Unmarshal(b) +} +func (m *PluginList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PluginList.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PluginList) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginList.Merge(m, src) +} +func (m *PluginList) XXX_Size() int { + return m.Size() +} +func (m *PluginList) XXX_DiscardUnknown() { + xxx_messageInfo_PluginList.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginList proto.InternalMessageInfo + +func (m *PluginList) GetItems() []*PluginInfo { + if m != nil { + return m.Items + } + return nil +} + // RepoServerAppDetailsQuery contains query information for app details request type RepoServerAppDetailsQuery struct { Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` @@ -962,7 +1058,7 @@ func (m *RepoServerAppDetailsQuery) Reset() { *m = RepoServerAppDetailsQ func (m *RepoServerAppDetailsQuery) String() string { return proto.CompactTextString(m) } func (*RepoServerAppDetailsQuery) ProtoMessage() {} func (*RepoServerAppDetailsQuery) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{13} + return fileDescriptor_dd8723cfcc820480, []int{15} } func (m *RepoServerAppDetailsQuery) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1077,7 +1173,7 @@ func (m *RepoAppDetailsResponse) Reset() { *m = RepoAppDetailsResponse{} func (m *RepoAppDetailsResponse) String() string { return proto.CompactTextString(m) } func (*RepoAppDetailsResponse) ProtoMessage() {} func (*RepoAppDetailsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{14} + return fileDescriptor_dd8723cfcc820480, []int{16} } func (m *RepoAppDetailsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1157,7 +1253,7 @@ func (m *RepoServerRevisionMetadataRequest) Reset() { *m = RepoServerRev func (m *RepoServerRevisionMetadataRequest) String() string { return proto.CompactTextString(m) } func (*RepoServerRevisionMetadataRequest) ProtoMessage() {} func (*RepoServerRevisionMetadataRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{15} + return fileDescriptor_dd8723cfcc820480, []int{17} } func (m *RepoServerRevisionMetadataRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1226,7 +1322,7 @@ func (m *HelmAppSpec) Reset() { *m = HelmAppSpec{} } func (m *HelmAppSpec) String() string { return proto.CompactTextString(m) } func (*HelmAppSpec) ProtoMessage() {} func (*HelmAppSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{16} + return fileDescriptor_dd8723cfcc820480, []int{18} } func (m *HelmAppSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1303,7 +1399,7 @@ func (m *KustomizeAppSpec) Reset() { *m = KustomizeAppSpec{} } func (m *KustomizeAppSpec) String() string { return proto.CompactTextString(m) } func (*KustomizeAppSpec) ProtoMessage() {} func (*KustomizeAppSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{17} + return fileDescriptor_dd8723cfcc820480, []int{19} } func (m *KustomizeAppSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1350,7 +1446,7 @@ func (m *DirectoryAppSpec) Reset() { *m = DirectoryAppSpec{} } func (m *DirectoryAppSpec) String() string { return proto.CompactTextString(m) } func (*DirectoryAppSpec) ProtoMessage() {} func (*DirectoryAppSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{18} + return fileDescriptor_dd8723cfcc820480, []int{20} } func (m *DirectoryAppSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1410,7 +1506,7 @@ func (m *ParameterAnnouncement) Reset() { *m = ParameterAnnouncement{} } func (m *ParameterAnnouncement) String() string { return proto.CompactTextString(m) } func (*ParameterAnnouncement) ProtoMessage() {} func (*ParameterAnnouncement) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{19} + return fileDescriptor_dd8723cfcc820480, []int{21} } func (m *ParameterAnnouncement) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1514,7 +1610,7 @@ func (m *PluginAppSpec) Reset() { *m = PluginAppSpec{} } func (m *PluginAppSpec) String() string { return proto.CompactTextString(m) } func (*PluginAppSpec) ProtoMessage() {} func (*PluginAppSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{20} + return fileDescriptor_dd8723cfcc820480, []int{22} } func (m *PluginAppSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1561,7 +1657,7 @@ func (m *HelmChartsRequest) Reset() { *m = HelmChartsRequest{} } func (m *HelmChartsRequest) String() string { return proto.CompactTextString(m) } func (*HelmChartsRequest) ProtoMessage() {} func (*HelmChartsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{21} + return fileDescriptor_dd8723cfcc820480, []int{23} } func (m *HelmChartsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1609,7 +1705,7 @@ func (m *HelmChart) Reset() { *m = HelmChart{} } func (m *HelmChart) String() string { return proto.CompactTextString(m) } func (*HelmChart) ProtoMessage() {} func (*HelmChart) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{22} + return fileDescriptor_dd8723cfcc820480, []int{24} } func (m *HelmChart) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1663,7 +1759,7 @@ func (m *HelmChartsResponse) Reset() { *m = HelmChartsResponse{} } func (m *HelmChartsResponse) String() string { return proto.CompactTextString(m) } func (*HelmChartsResponse) ProtoMessage() {} func (*HelmChartsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_dd8723cfcc820480, []int{23} + return fileDescriptor_dd8723cfcc820480, []int{25} } func (m *HelmChartsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1716,6 +1812,8 @@ func init() { proto.RegisterMapType((map[string]bool)(nil), "repository.ListAppsRequest.EnabledSourceTypesEntry") proto.RegisterType((*AppList)(nil), "repository.AppList") proto.RegisterMapType((map[string]string)(nil), "repository.AppList.AppsEntry") + proto.RegisterType((*PluginInfo)(nil), "repository.PluginInfo") + proto.RegisterType((*PluginList)(nil), "repository.PluginList") proto.RegisterType((*RepoServerAppDetailsQuery)(nil), "repository.RepoServerAppDetailsQuery") proto.RegisterMapType((map[string]bool)(nil), "repository.RepoServerAppDetailsQuery.EnabledSourceTypesEntry") proto.RegisterType((*RepoAppDetailsResponse)(nil), "repository.RepoAppDetailsResponse") 
@@ -1736,115 +1834,120 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 1721 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x5f, 0x6f, 0x13, 0x57, - 0x16, 0x8f, 0xff, 0xc4, 0xb1, 0x8f, 0x49, 0xe2, 0x5c, 0x92, 0x30, 0x78, 0x43, 0x14, 0x66, 0x77, - 0x51, 0x16, 0x16, 0x5b, 0x09, 0x5a, 0x58, 0xc1, 0x2e, 0x92, 0x09, 0x90, 0x20, 0x08, 0xc9, 0x4e, - 0xd0, 0x56, 0xb4, 0xa8, 0xd5, 0xcd, 0xf8, 0xc6, 0xbe, 0x78, 0xfe, 0x5c, 0x66, 0xee, 0xb8, 0x32, - 0x52, 0x1f, 0x2a, 0xf5, 0x13, 0xf4, 0xa1, 0x5f, 0xa5, 0x8f, 0x7d, 0x6a, 0xc5, 0x63, 0xd5, 0x2f, - 0xd0, 0x8a, 0x97, 0x7e, 0x8d, 0xea, 0xde, 0xf9, 0xeb, 0xf1, 0x38, 0x01, 0x39, 0x04, 0xf5, 0x25, - 0x99, 0x73, 0xee, 0xf9, 0x77, 0xcf, 0x9c, 0x7b, 0xce, 0xef, 0x8e, 0xe1, 0x8a, 0x43, 0x98, 0xed, - 0x12, 0xa7, 0x4f, 0x9c, 0xa6, 0x7c, 0xa4, 0xdc, 0x76, 0x06, 0x89, 0xc7, 0x06, 0x73, 0x6c, 0x6e, - 0x23, 0x88, 0x39, 0xf5, 0x27, 0x1d, 0xca, 0xbb, 0xde, 0x61, 0x43, 0xb7, 0xcd, 0x26, 0x76, 0x3a, - 0x36, 0x73, 0xec, 0x97, 0xf2, 0xe1, 0xba, 0xde, 0x6e, 0xf6, 0x37, 0x9b, 0xac, 0xd7, 0x69, 0x62, - 0x46, 0xdd, 0x26, 0x66, 0xcc, 0xa0, 0x3a, 0xe6, 0xd4, 0xb6, 0x9a, 0xfd, 0x0d, 0x6c, 0xb0, 0x2e, - 0xde, 0x68, 0x76, 0x88, 0x45, 0x1c, 0xcc, 0x49, 0xdb, 0xb7, 0xac, 0x7e, 0x0b, 0x30, 0xbf, 0x8b, - 0x2d, 0x7a, 0x44, 0x5c, 0xae, 0x91, 0x57, 0x1e, 0x71, 0x39, 0x7a, 0x01, 0x45, 0xe1, 0x4f, 0xc9, - 0xad, 0xe5, 0xd6, 0xab, 0x9b, 0x3b, 0x8d, 0xd8, 0x61, 0x23, 0x74, 0x28, 0x1f, 0xbe, 0xd0, 0xdb, - 0x8d, 0xfe, 0x66, 0x83, 0xf5, 0x3a, 0x0d, 0xe1, 0xb0, 0x91, 0x70, 0xd8, 0x08, 0x1d, 0x36, 0xb4, - 0x28, 0x72, 0x4d, 0x5a, 0x45, 0x75, 0x28, 0x3b, 0xa4, 0x4f, 0x5d, 0x6a, 0x5b, 0x4a, 0x7e, 0x2d, - 0xb7, 0x5e, 0xd1, 0x22, 0x1a, 0x29, 0x30, 0x63, 0xd9, 0x5b, 0x58, 0xef, 0x12, 0xa5, 0xb0, 0x96, - 0x5b, 0x2f, 0x6b, 0x21, 0x89, 0xd6, 0xa0, 0x8a, 0x19, 0x7b, 0x82, 0x0f, 0x89, 0xf1, 0x98, 0x0c, - 0x94, 0xa2, 0x54, 0x4c, 0xb2, 0x84, 0x2e, 0x66, 0xec, 0x29, 0x36, 0x89, 0x32, 0x2d, 0x57, 0x43, 
- 0x12, 0xad, 0x40, 0xc5, 0xc2, 0x26, 0x71, 0x19, 0xd6, 0x89, 0x52, 0x96, 0x6b, 0x31, 0x03, 0x7d, - 0x05, 0x0b, 0x89, 0xc0, 0x0f, 0x6c, 0xcf, 0xd1, 0x89, 0x02, 0x72, 0xeb, 0x7b, 0x93, 0x6d, 0xbd, - 0x95, 0x36, 0xab, 0x8d, 0x7a, 0x42, 0x9f, 0xc3, 0xb4, 0x7c, 0xb9, 0x4a, 0x75, 0xad, 0x70, 0xaa, - 0xd9, 0xf6, 0xcd, 0x22, 0x0b, 0x66, 0x98, 0xe1, 0x75, 0xa8, 0xe5, 0x2a, 0xe7, 0xa4, 0x87, 0x67, - 0x93, 0x79, 0xd8, 0xb2, 0xad, 0x23, 0xda, 0xd9, 0xc5, 0x16, 0xee, 0x10, 0x93, 0x58, 0x7c, 0x5f, - 0x1a, 0xd7, 0x42, 0x27, 0xe8, 0x35, 0xd4, 0x7a, 0x9e, 0xcb, 0x6d, 0x93, 0xbe, 0x26, 0x7b, 0x4c, - 0xe8, 0xba, 0xca, 0xac, 0xcc, 0xe6, 0xd3, 0xc9, 0x1c, 0x3f, 0x4e, 0x59, 0xd5, 0x46, 0xfc, 0x88, - 0x22, 0xe9, 0x79, 0x87, 0xe4, 0xff, 0xc4, 0x91, 0xd5, 0x35, 0xe7, 0x17, 0x49, 0x82, 0xe5, 0x97, - 0x11, 0x0d, 0x28, 0x57, 0x99, 0x5f, 0x2b, 0xf8, 0x65, 0x14, 0xb1, 0xd0, 0x3a, 0xcc, 0xf7, 0x89, - 0x43, 0x8f, 0x06, 0x07, 0xb4, 0x63, 0x61, 0xee, 0x39, 0x44, 0xa9, 0xc9, 0x52, 0x4c, 0xb3, 0x91, - 0x09, 0xb3, 0x5d, 0x62, 0x98, 0x22, 0xe5, 0x5b, 0x0e, 0x69, 0xbb, 0xca, 0x82, 0xcc, 0xef, 0xf6, - 0xe4, 0x6f, 0x50, 0x9a, 0xd3, 0x86, 0xad, 0x8b, 0xc0, 0x2c, 0x5b, 0x0b, 0x4e, 0x8a, 0x7f, 0x46, - 0x90, 0x1f, 0x58, 0x8a, 0x8d, 0xae, 0xc0, 0x1c, 0x77, 0xb0, 0xde, 0xa3, 0x56, 0x67, 0x97, 0xf0, - 0xae, 0xdd, 0x56, 0xce, 0xcb, 0x4c, 0xa4, 0xb8, 0x48, 0x07, 0x44, 0x2c, 0x7c, 0x68, 0x90, 0xb6, - 0x5f, 0x8b, 0xcf, 0x06, 0x8c, 0xb8, 0xca, 0xa2, 0xdc, 0xc5, 0x8d, 0x46, 0xa2, 0x09, 0xa5, 0x1a, - 0x44, 0xe3, 0xc1, 0x88, 0xd6, 0x03, 0x8b, 0x3b, 0x03, 0x2d, 0xc3, 0x1c, 0xea, 0x41, 0x55, 0xec, - 0x23, 0x2c, 0x85, 0x25, 0x59, 0x0a, 0x8f, 0x26, 0xcb, 0xd1, 0x4e, 0x6c, 0x50, 0x4b, 0x5a, 0xaf, - 0x3f, 0x80, 0x0b, 0x63, 0x62, 0x43, 0x35, 0x28, 0xf4, 0xc8, 0x40, 0xf6, 0xb4, 0x8a, 0x26, 0x1e, - 0xd1, 0x22, 0x4c, 0xf7, 0xb1, 0xe1, 0x11, 0xd9, 0x85, 0xca, 0x9a, 0x4f, 0xdc, 0xce, 0xff, 0x3b, - 0xa7, 0xfe, 0x92, 0x03, 0x25, 0xb5, 0xe7, 0x4f, 0x28, 0xef, 0x3e, 0xa4, 0x06, 0x71, 0xd1, 0x2d, - 0x98, 0x71, 0x7c, 0x5e, 0xd0, 0x20, 
0xff, 0x72, 0x4c, 0xaa, 0x76, 0xa6, 0xb4, 0x50, 0x1a, 0xdd, - 0x85, 0xb2, 0x49, 0x38, 0x6e, 0x63, 0x8e, 0xa5, 0xcb, 0xea, 0xe6, 0x5a, 0x96, 0xa6, 0xf0, 0xb2, - 0x1b, 0xc8, 0xed, 0x4c, 0x69, 0x91, 0x0e, 0xfa, 0x17, 0x4c, 0xeb, 0x5d, 0xcf, 0xea, 0xc9, 0xd6, - 0x58, 0xdd, 0xbc, 0x34, 0x4e, 0x79, 0x4b, 0x08, 0xed, 0x4c, 0x69, 0xbe, 0xf4, 0xbd, 0x12, 0x14, - 0x19, 0x76, 0xb8, 0xfa, 0x10, 0x16, 0xb3, 0x5c, 0x88, 0x7e, 0xac, 0x77, 0x89, 0xde, 0x73, 0x3d, - 0x33, 0xc8, 0x4e, 0x44, 0x23, 0x04, 0x45, 0x97, 0xbe, 0xf6, 0x33, 0x54, 0xd0, 0xe4, 0xb3, 0xfa, - 0x0f, 0x58, 0x18, 0xf1, 0x26, 0x72, 0xe9, 0xc7, 0x26, 0x2c, 0x9c, 0x0b, 0x5c, 0xab, 0x1e, 0x2c, - 0x3d, 0x93, 0xb9, 0x88, 0x9a, 0xd2, 0x59, 0x4c, 0x18, 0x75, 0x07, 0x96, 0xd3, 0x6e, 0x5d, 0x66, - 0x5b, 0x2e, 0x41, 0x0d, 0x40, 0xf2, 0x14, 0x53, 0xd2, 0x8e, 0x57, 0x65, 0x14, 0x65, 0x2d, 0x63, - 0x45, 0xfd, 0x3a, 0x0f, 0xcb, 0x1a, 0x71, 0x6d, 0xa3, 0x4f, 0xc2, 0x23, 0x76, 0x36, 0x43, 0xf2, - 0x33, 0x28, 0x60, 0xc6, 0x82, 0x32, 0x79, 0x74, 0x6a, 0x63, 0x48, 0x13, 0x56, 0xd1, 0x3f, 0x61, - 0x01, 0x9b, 0x87, 0xb4, 0xe3, 0xd9, 0x9e, 0x1b, 0x6e, 0x4b, 0x16, 0x55, 0x45, 0x1b, 0x5d, 0x50, - 0x75, 0xb8, 0x30, 0x92, 0x82, 0x20, 0x9d, 0xc9, 0x51, 0x9e, 0x4b, 0x8d, 0xf2, 0x4c, 0x27, 0xf9, - 0x71, 0x4e, 0x7e, 0xca, 0x41, 0x2d, 0x3e, 0x3a, 0x81, 0xf9, 0x15, 0xa8, 0x98, 0x01, 0xcf, 0x55, - 0x72, 0xb2, 0x55, 0xc7, 0x8c, 0xe1, 0xa9, 0x9e, 0x4f, 0x4f, 0xf5, 0x65, 0x28, 0xf9, 0xb8, 0x2a, - 0xd8, 0x58, 0x40, 0x0d, 0x85, 0x5c, 0x4c, 0x85, 0xbc, 0x0a, 0xe0, 0x46, 0x6d, 0x43, 0x29, 0xc9, - 0xd5, 0x04, 0x07, 0xa9, 0x70, 0xce, 0x9f, 0x01, 0x1a, 0x71, 0x3d, 0x83, 0x2b, 0x33, 0x52, 0x62, - 0x88, 0xa7, 0xda, 0x30, 0xff, 0x84, 0x8a, 0x3d, 0x1c, 0xb9, 0x67, 0x53, 0xec, 0x37, 0xa1, 0x28, - 0x9c, 0x89, 0x8d, 0x1d, 0x3a, 0xd8, 0xd2, 0xbb, 0x24, 0xcc, 0x55, 0x44, 0x8b, 0x63, 0xcc, 0x71, - 0xc7, 0x55, 0xf2, 0x92, 0x2f, 0x9f, 0xd5, 0xef, 0xf3, 0x7e, 0xa4, 0x2d, 0xc6, 0xdc, 0x8f, 0x0f, - 0xfc, 0xb2, 0x47, 0x51, 0x61, 0x74, 0x14, 0xa5, 0x42, 0x7e, 0x9f, 0x51, 
0x74, 0x5a, 0xd3, 0xc1, - 0x83, 0x99, 0x16, 0x63, 0x22, 0x10, 0xb4, 0x01, 0x45, 0xcc, 0x98, 0x9f, 0xf0, 0x54, 0x47, 0x0e, - 0x44, 0xc4, 0xff, 0x20, 0x24, 0x29, 0x5a, 0xbf, 0x05, 0x95, 0x88, 0x75, 0x92, 0xdb, 0x4a, 0xd2, - 0xed, 0xef, 0x25, 0xb8, 0x28, 0x72, 0x7a, 0x20, 0x0b, 0xb9, 0xc5, 0xd8, 0x7d, 0xc2, 0x31, 0x35, - 0xdc, 0xff, 0x79, 0xc4, 0x19, 0x7c, 0xe0, 0x57, 0xd7, 0x81, 0x92, 0x7f, 0x0e, 0x82, 0x8e, 0x74, - 0xea, 0xc0, 0x38, 0x30, 0x1f, 0xa3, 0xe1, 0xc2, 0x87, 0x41, 0xc3, 0x59, 0xe8, 0xb4, 0x78, 0x46, - 0xe8, 0x74, 0xfc, 0x05, 0x25, 0x71, 0xed, 0x29, 0x0d, 0x5f, 0x7b, 0x32, 0x40, 0xdf, 0xcc, 0xbb, - 0x82, 0xbe, 0x72, 0x26, 0xe8, 0x33, 0x33, 0x4f, 0x5a, 0x45, 0xa6, 0xfb, 0xbf, 0xc9, 0x02, 0x1e, - 0x5b, 0x6b, 0x93, 0xc0, 0x3f, 0xf8, 0x33, 0xc0, 0xbf, 0x6f, 0xe4, 0xd4, 0x67, 0x76, 0xbc, 0xef, - 0x68, 0x24, 0x89, 0x4e, 0x2a, 0x86, 0x83, 0x6f, 0x47, 0x3e, 0xa3, 0x6b, 0x50, 0x14, 0x41, 0x04, - 0xb0, 0xec, 0x42, 0x32, 0x87, 0x22, 0xd2, 0x16, 0x63, 0x07, 0x8c, 0xe8, 0x9a, 0x14, 0x42, 0xb7, - 0xa1, 0x12, 0x15, 0x46, 0x50, 0x79, 0x2b, 0x49, 0x8d, 0xa8, 0x8e, 0x42, 0xb5, 0x58, 0x5c, 0xe8, - 0xb6, 0xa9, 0x43, 0x74, 0x09, 0x5a, 0xa6, 0x47, 0x75, 0xef, 0x87, 0x8b, 0x91, 0x6e, 0x24, 0x8e, - 0x36, 0xa0, 0xe4, 0xdf, 0xd0, 0x64, 0x85, 0x55, 0x37, 0x2f, 0x26, 0x15, 0xfd, 0x3b, 0x5c, 0xa8, - 0x15, 0x08, 0xaa, 0x3f, 0xe6, 0xe0, 0x72, 0x5c, 0x04, 0x61, 0xb5, 0x85, 0xb8, 0xf1, 0xe3, 0xcf, - 0x8c, 0x2b, 0x30, 0x27, 0x81, 0x6a, 0x7c, 0x51, 0xf3, 0xbf, 0x19, 0xa4, 0xb8, 0xea, 0x0f, 0x79, - 0xa8, 0x26, 0x5e, 0x84, 0x78, 0x87, 0x02, 0x27, 0x84, 0xef, 0x50, 0x3c, 0x8b, 0xd1, 0x2f, 0xdf, - 0xbf, 0x84, 0xf8, 0xb2, 0xf9, 0x54, 0xb4, 0x04, 0x07, 0xf5, 0x00, 0x18, 0x76, 0xb0, 0x49, 0x38, - 0x71, 0x44, 0xc7, 0x10, 0xa7, 0xe5, 0xf1, 0xe4, 0x55, 0xbc, 0x1f, 0xda, 0xd4, 0x12, 0xe6, 0x05, - 0x76, 0x91, 0xae, 0xdd, 0xa0, 0x4f, 0x04, 0x14, 0xfa, 0x12, 0xe6, 0x8e, 0xa8, 0x41, 0xf6, 0xe3, - 0x40, 0x4a, 0x32, 0x90, 0xbd, 0xc9, 0x03, 0x79, 0x98, 0xb4, 0xab, 0xa5, 0xdc, 0xa8, 0x57, 0xa1, - 0x96, 0xae, 
0x4b, 0x11, 0x24, 0x35, 0x71, 0x27, 0xca, 0x56, 0x40, 0xa9, 0x08, 0x6a, 0xe9, 0x3a, - 0x54, 0x7f, 0xcd, 0xc3, 0x52, 0x64, 0xae, 0x65, 0x59, 0xb6, 0x67, 0xe9, 0xf2, 0xe3, 0x41, 0xe6, - 0xbb, 0x58, 0x84, 0x69, 0x4e, 0xb9, 0x11, 0x8d, 0x40, 0x49, 0x88, 0x1e, 0xc9, 0x6d, 0xdb, 0xe0, - 0x94, 0x05, 0x88, 0x2e, 0x24, 0xfd, 0x1a, 0x79, 0xe5, 0x51, 0x87, 0xb4, 0xe5, 0x89, 0x2a, 0x6b, - 0x11, 0x2d, 0xd6, 0x28, 0x27, 0xa6, 0x04, 0x74, 0x7e, 0x32, 0x23, 0x5a, 0xd6, 0x8f, 0x6d, 0x18, - 0x44, 0x17, 0xe9, 0x48, 0x40, 0xbe, 0x14, 0x57, 0x42, 0x49, 0xee, 0x50, 0xab, 0x13, 0x00, 0xbe, - 0x80, 0x12, 0x71, 0x62, 0xc7, 0xc1, 0x03, 0xa5, 0x2c, 0x13, 0xe0, 0x13, 0xe8, 0x3f, 0x50, 0x30, - 0x31, 0x0b, 0x1a, 0xea, 0xd5, 0xa1, 0x53, 0x96, 0x95, 0x81, 0xc6, 0x2e, 0x66, 0x7e, 0xf7, 0x14, - 0x6a, 0xf5, 0x9b, 0x50, 0x0e, 0x19, 0xef, 0x05, 0x0e, 0x5e, 0xc2, 0xec, 0xd0, 0x21, 0x46, 0xcf, - 0x61, 0x39, 0xae, 0xa8, 0xa4, 0xc3, 0x00, 0xab, 0x5c, 0x3e, 0x31, 0x32, 0x6d, 0x8c, 0x01, 0xf5, - 0x15, 0x2c, 0x88, 0x92, 0xd9, 0xea, 0x62, 0x87, 0x9f, 0x11, 0xc8, 0xbd, 0x03, 0x95, 0xc8, 0x65, - 0x66, 0xcd, 0xd4, 0xa1, 0xdc, 0x0f, 0x3f, 0xea, 0xf8, 0x28, 0x37, 0xa2, 0xd5, 0x16, 0xa0, 0x64, - 0xbc, 0x41, 0x27, 0xbf, 0x06, 0xd3, 0xa2, 0x12, 0x42, 0xec, 0xb6, 0x94, 0x6e, 0xdb, 0x52, 0x5c, - 0xf3, 0x65, 0x36, 0xdf, 0x94, 0x60, 0x21, 0x6e, 0x85, 0xe2, 0x2f, 0xd5, 0x09, 0xda, 0x83, 0xda, - 0x76, 0xf0, 0x39, 0x35, 0xbc, 0xbb, 0xa0, 0xe3, 0x3e, 0x06, 0xd4, 0x57, 0xb2, 0x17, 0xfd, 0x88, - 0xd4, 0x29, 0xa4, 0xc3, 0xc5, 0xb4, 0xc1, 0xf8, 0xbb, 0xc3, 0xdf, 0x8e, 0xb1, 0x1c, 0x49, 0x9d, - 0xe4, 0x62, 0x3d, 0x87, 0x9e, 0xc3, 0xdc, 0xf0, 0xed, 0x18, 0x0d, 0xd5, 0x42, 0xe6, 0x85, 0xbd, - 0xae, 0x1e, 0x27, 0x12, 0xc5, 0xff, 0x02, 0xe6, 0x53, 0x57, 0x45, 0xa4, 0x0e, 0x43, 0x8a, 0xac, - 0xab, 0x74, 0xfd, 0xaf, 0xc7, 0xca, 0x44, 0xd6, 0xef, 0x40, 0x39, 0xbc, 0x5a, 0x0d, 0xa7, 0x39, - 0x75, 0xe1, 0xaa, 0xd7, 0x86, 0xed, 0x1d, 0xb9, 0xea, 0x14, 0xba, 0xeb, 0x2b, 0x0b, 0xe8, 0x3d, - 0xaa, 0x9c, 0xb8, 0x50, 0xd4, 0xcf, 0x67, 0x80, 
0x78, 0xb9, 0xb5, 0xd9, 0x6d, 0xc2, 0x63, 0x44, - 0x80, 0xfe, 0xfe, 0x4e, 0x58, 0xa9, 0xae, 0xa6, 0xc5, 0x46, 0x41, 0x85, 0x3a, 0x85, 0xbe, 0xcb, - 0xc1, 0xf9, 0x6d, 0xc2, 0xd3, 0x33, 0x16, 0x5d, 0xcf, 0x76, 0x32, 0x66, 0x16, 0xd7, 0x9f, 0x4e, - 0x7a, 0xec, 0x86, 0xcd, 0xaa, 0x53, 0x68, 0x5f, 0x6e, 0x3b, 0x3e, 0x3e, 0xe8, 0x52, 0xe6, 0x39, - 0x89, 0xb2, 0xb7, 0x3a, 0x6e, 0x39, 0xdc, 0xea, 0xbd, 0xd6, 0x9b, 0xb7, 0xab, 0xb9, 0x9f, 0xdf, - 0xae, 0xe6, 0x7e, 0x7b, 0xbb, 0x9a, 0xfb, 0xf4, 0xc6, 0x09, 0x3f, 0x66, 0x24, 0x7e, 0x1f, 0xc1, - 0x8c, 0xea, 0x06, 0x25, 0x16, 0x3f, 0x2c, 0xc9, 0x9f, 0x2e, 0x6e, 0xfc, 0x11, 0x00, 0x00, 0xff, - 0xff, 0x29, 0x30, 0x6e, 0x69, 0x3e, 0x19, 0x00, 0x00, + // 1797 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x6f, 0x1b, 0xc9, + 0x11, 0x16, 0x1f, 0xa2, 0xc8, 0xa2, 0x2d, 0x51, 0x6d, 0x5b, 0x1e, 0x73, 0xbd, 0x02, 0x77, 0x92, + 0x18, 0xca, 0x3e, 0x86, 0xb0, 0x8c, 0xec, 0x06, 0xde, 0x64, 0x03, 0xae, 0xd6, 0xb6, 0x0c, 0x5b, + 0xb6, 0x32, 0x36, 0x12, 0x6c, 0x62, 0x24, 0x68, 0x0e, 0x9b, 0xc3, 0x5e, 0xce, 0xa3, 0x3d, 0xd3, + 0xc3, 0x80, 0x06, 0x72, 0x08, 0x90, 0x4b, 0xae, 0x39, 0xe4, 0xaf, 0xe4, 0x98, 0x53, 0x82, 0x1c, + 0x83, 0xfc, 0x81, 0x04, 0xbe, 0xe4, 0x6f, 0x04, 0xdd, 0xd3, 0xf3, 0xe0, 0x70, 0x28, 0xef, 0x82, + 0x5a, 0x19, 0x7b, 0x91, 0xba, 0xaa, 0xab, 0xab, 0xaa, 0x6b, 0xaa, 0xab, 0xbe, 0x6e, 0xc2, 0xad, + 0x80, 0x30, 0x3f, 0x24, 0xc1, 0x8c, 0x04, 0x7d, 0x39, 0xa4, 0xdc, 0x0f, 0xe6, 0xb9, 0xa1, 0xc1, + 0x02, 0x9f, 0xfb, 0x08, 0x32, 0x4e, 0xf7, 0xb1, 0x4d, 0xf9, 0x24, 0x1a, 0x1a, 0x96, 0xef, 0xf6, + 0x71, 0x60, 0xfb, 0x2c, 0xf0, 0xbf, 0x92, 0x83, 0x8f, 0xac, 0x51, 0x7f, 0x76, 0xd8, 0x67, 0x53, + 0xbb, 0x8f, 0x19, 0x0d, 0xfb, 0x98, 0x31, 0x87, 0x5a, 0x98, 0x53, 0xdf, 0xeb, 0xcf, 0x6e, 0x63, + 0x87, 0x4d, 0xf0, 0xed, 0xbe, 0x4d, 0x3c, 0x12, 0x60, 0x4e, 0x46, 0xb1, 0xe6, 0xee, 0x3b, 0xb6, + 0xef, 0xdb, 0x0e, 0xe9, 0x4b, 0x6a, 0x18, 0x8d, 0xfb, 0xc4, 0x65, 0x5c, 0x99, 
0xd5, 0xff, 0x0c, + 0xb0, 0x73, 0x82, 0x3d, 0x3a, 0x26, 0x21, 0x37, 0xc9, 0xcb, 0x88, 0x84, 0x1c, 0xbd, 0x80, 0xba, + 0x70, 0x46, 0xab, 0xf4, 0x2a, 0x07, 0xed, 0xc3, 0x63, 0x23, 0xf3, 0xc6, 0x48, 0xbc, 0x91, 0x83, + 0xdf, 0x5a, 0x23, 0x63, 0x76, 0x68, 0xb0, 0xa9, 0x6d, 0x08, 0x6f, 0x8c, 0x9c, 0x37, 0x46, 0xe2, + 0x8d, 0x61, 0xa6, 0xdb, 0x32, 0xa5, 0x56, 0xd4, 0x85, 0x66, 0x40, 0x66, 0x34, 0xa4, 0xbe, 0xa7, + 0x55, 0x7b, 0x95, 0x83, 0x96, 0x99, 0xd2, 0x48, 0x83, 0x2d, 0xcf, 0x3f, 0xc2, 0xd6, 0x84, 0x68, + 0xb5, 0x5e, 0xe5, 0xa0, 0x69, 0x26, 0x24, 0xea, 0x41, 0x1b, 0x33, 0xf6, 0x18, 0x0f, 0x89, 0xf3, + 0x88, 0xcc, 0xb5, 0xba, 0x5c, 0x98, 0x67, 0x89, 0xb5, 0x98, 0xb1, 0x27, 0xd8, 0x25, 0xda, 0xa6, + 0x9c, 0x4d, 0x48, 0x74, 0x13, 0x5a, 0x1e, 0x76, 0x49, 0xc8, 0xb0, 0x45, 0xb4, 0xa6, 0x9c, 0xcb, + 0x18, 0xe8, 0xf7, 0xb0, 0x9b, 0x73, 0xfc, 0x99, 0x1f, 0x05, 0x16, 0xd1, 0x40, 0x6e, 0xfd, 0xe9, + 0x7a, 0x5b, 0x1f, 0x14, 0xd5, 0x9a, 0xcb, 0x96, 0xd0, 0x6f, 0x60, 0x53, 0x7e, 0x79, 0xad, 0xdd, + 0xab, 0x9d, 0x6b, 0xb4, 0x63, 0xb5, 0xc8, 0x83, 0x2d, 0xe6, 0x44, 0x36, 0xf5, 0x42, 0xed, 0x92, + 0xb4, 0xf0, 0x7c, 0x3d, 0x0b, 0x47, 0xbe, 0x37, 0xa6, 0xf6, 0x09, 0xf6, 0xb0, 0x4d, 0x5c, 0xe2, + 0xf1, 0x53, 0xa9, 0xdc, 0x4c, 0x8c, 0xa0, 0x57, 0xd0, 0x99, 0x46, 0x21, 0xf7, 0x5d, 0xfa, 0x8a, + 0x3c, 0x65, 0x62, 0x6d, 0xa8, 0x5d, 0x96, 0xd1, 0x7c, 0xb2, 0x9e, 0xe1, 0x47, 0x05, 0xad, 0xe6, + 0x92, 0x1d, 0x91, 0x24, 0xd3, 0x68, 0x48, 0x7e, 0x41, 0x02, 0x99, 0x5d, 0xdb, 0x71, 0x92, 0xe4, + 0x58, 0x71, 0x1a, 0x51, 0x45, 0x85, 0xda, 0x4e, 0xaf, 0x16, 0xa7, 0x51, 0xca, 0x42, 0x07, 0xb0, + 0x33, 0x23, 0x01, 0x1d, 0xcf, 0x9f, 0x51, 0xdb, 0xc3, 0x3c, 0x0a, 0x88, 0xd6, 0x91, 0xa9, 0x58, + 0x64, 0x23, 0x17, 0x2e, 0x4f, 0x88, 0xe3, 0x8a, 0x90, 0x1f, 0x05, 0x64, 0x14, 0x6a, 0xbb, 0x32, + 0xbe, 0x0f, 0xd6, 0xff, 0x82, 0x52, 0x9d, 0xb9, 0xa8, 0x5d, 0x38, 0xe6, 0xf9, 0xa6, 0x3a, 0x29, + 0xf1, 0x19, 0x41, 0xb1, 0x63, 0x05, 0x36, 0xba, 0x05, 0xdb, 0x3c, 0xc0, 0xd6, 0x94, 0x7a, 0xf6, + 0x09, 0xe1, 0x13, 
0x7f, 0xa4, 0x5d, 0x91, 0x91, 0x28, 0x70, 0x91, 0x05, 0x88, 0x78, 0x78, 0xe8, + 0x90, 0x51, 0x9c, 0x8b, 0xcf, 0xe7, 0x8c, 0x84, 0xda, 0x55, 0xb9, 0x8b, 0x3b, 0x46, 0xae, 0x42, + 0x15, 0x0a, 0x84, 0x71, 0x6f, 0x69, 0xd5, 0x3d, 0x8f, 0x07, 0x73, 0xb3, 0x44, 0x1d, 0x9a, 0x42, + 0x5b, 0xec, 0x23, 0x49, 0x85, 0x6b, 0x32, 0x15, 0x1e, 0xae, 0x17, 0xa3, 0xe3, 0x4c, 0xa1, 0x99, + 0xd7, 0xde, 0xbd, 0x07, 0xd7, 0x57, 0xf8, 0x86, 0x3a, 0x50, 0x9b, 0x92, 0xb9, 0xac, 0x69, 0x2d, + 0x53, 0x0c, 0xd1, 0x55, 0xd8, 0x9c, 0x61, 0x27, 0x22, 0xb2, 0x0a, 0x35, 0xcd, 0x98, 0xb8, 0x5b, + 0xfd, 0x71, 0x45, 0xff, 0x77, 0x05, 0xb4, 0xc2, 0x9e, 0x7f, 0x49, 0xf9, 0xe4, 0x3e, 0x75, 0x48, + 0x88, 0x3e, 0x81, 0xad, 0x20, 0xe6, 0xa9, 0x02, 0xf9, 0xce, 0x19, 0xa1, 0x3a, 0xde, 0x30, 0x13, + 0x69, 0xf4, 0x19, 0x34, 0x5d, 0xc2, 0xf1, 0x08, 0x73, 0x2c, 0x4d, 0xb6, 0x0f, 0x7b, 0x65, 0x2b, + 0x85, 0x95, 0x13, 0x25, 0x77, 0xbc, 0x61, 0xa6, 0x6b, 0xd0, 0x8f, 0x60, 0xd3, 0x9a, 0x44, 0xde, + 0x54, 0x96, 0xc6, 0xf6, 0xe1, 0xbb, 0xab, 0x16, 0x1f, 0x09, 0xa1, 0xe3, 0x0d, 0x33, 0x96, 0xfe, + 0xbc, 0x01, 0x75, 0x86, 0x03, 0xae, 0xdf, 0x87, 0xab, 0x65, 0x26, 0x44, 0x3d, 0xb6, 0x26, 0xc4, + 0x9a, 0x86, 0x91, 0xab, 0xa2, 0x93, 0xd2, 0x08, 0x41, 0x3d, 0xa4, 0xaf, 0xe2, 0x08, 0xd5, 0x4c, + 0x39, 0xd6, 0x7f, 0x08, 0xbb, 0x4b, 0xd6, 0x44, 0x2c, 0x63, 0xdf, 0x84, 0x86, 0x4b, 0xca, 0xb4, + 0x1e, 0xc1, 0xb5, 0xe7, 0x32, 0x16, 0x69, 0x51, 0xba, 0x88, 0x0e, 0xa3, 0x1f, 0xc3, 0x5e, 0xd1, + 0x6c, 0xc8, 0x7c, 0x2f, 0x24, 0xc8, 0x00, 0x24, 0x4f, 0x31, 0x25, 0xa3, 0x6c, 0x56, 0x7a, 0xd1, + 0x34, 0x4b, 0x66, 0xf4, 0x3f, 0x54, 0x61, 0xcf, 0x24, 0xa1, 0xef, 0xcc, 0x48, 0x72, 0xc4, 0x2e, + 0xa6, 0x49, 0xfe, 0x1a, 0x6a, 0x98, 0x31, 0x95, 0x26, 0x0f, 0xcf, 0xad, 0x0d, 0x99, 0x42, 0x2b, + 0xfa, 0x10, 0x76, 0xb1, 0x3b, 0xa4, 0x76, 0xe4, 0x47, 0x61, 0xb2, 0x2d, 0x99, 0x54, 0x2d, 0x73, + 0x79, 0x42, 0xb7, 0xe0, 0xfa, 0x52, 0x08, 0x54, 0x38, 0xf3, 0xad, 0xbc, 0x52, 0x68, 0xe5, 0xa5, + 0x46, 0xaa, 0xab, 0x8c, 0xfc, 0xa3, 0x02, 0x9d, 0xec, 
0xe8, 0x28, 0xf5, 0x37, 0xa1, 0xe5, 0x2a, + 0x5e, 0xa8, 0x55, 0x64, 0xa9, 0xce, 0x18, 0x8b, 0x5d, 0xbd, 0x5a, 0xec, 0xea, 0x7b, 0xd0, 0x88, + 0x41, 0x97, 0xda, 0x98, 0xa2, 0x16, 0x5c, 0xae, 0x17, 0x5c, 0xde, 0x07, 0x08, 0xd3, 0xb2, 0xa1, + 0x35, 0xe4, 0x6c, 0x8e, 0x83, 0x74, 0xb8, 0x14, 0xf7, 0x00, 0x93, 0x84, 0x91, 0xc3, 0xb5, 0x2d, + 0x29, 0xb1, 0xc0, 0xd3, 0x7d, 0xd8, 0x79, 0x4c, 0xc5, 0x1e, 0xc6, 0xe1, 0xc5, 0x24, 0xfb, 0xc7, + 0x50, 0x17, 0xc6, 0xc4, 0xc6, 0x86, 0x01, 0xf6, 0xac, 0x09, 0x49, 0x62, 0x95, 0xd2, 0xe2, 0x18, + 0x73, 0x6c, 0x87, 0x5a, 0x55, 0xf2, 0xe5, 0x58, 0xff, 0x6b, 0x35, 0xf6, 0x74, 0xc0, 0x58, 0xf8, + 0xf6, 0x81, 0x5f, 0x79, 0x2b, 0xaa, 0x2d, 0xb7, 0xa2, 0x82, 0xcb, 0xdf, 0xa4, 0x15, 0x9d, 0x57, + 0x77, 0x88, 0x60, 0x6b, 0xc0, 0x98, 0x70, 0x04, 0xdd, 0x86, 0x3a, 0x66, 0x2c, 0x0e, 0x78, 0xa1, + 0x22, 0x2b, 0x11, 0xf1, 0x5f, 0xb9, 0x24, 0x45, 0xbb, 0x9f, 0x40, 0x2b, 0x65, 0xbd, 0xc9, 0x6c, + 0x2b, 0x6f, 0xb6, 0x07, 0x10, 0x63, 0xad, 0x87, 0xde, 0xd8, 0x17, 0x9f, 0x54, 0x24, 0xbb, 0x5a, + 0x2a, 0xc7, 0xfa, 0xdd, 0x44, 0x42, 0xfa, 0xf6, 0x21, 0x6c, 0x52, 0x4e, 0xdc, 0xc4, 0xb9, 0xbd, + 0xbc, 0x73, 0x99, 0x22, 0x33, 0x16, 0xd2, 0xff, 0xd7, 0x80, 0x1b, 0xe2, 0x8b, 0x3d, 0x93, 0xc7, + 0x64, 0xc0, 0xd8, 0x17, 0x84, 0x63, 0xea, 0x84, 0x3f, 0x8f, 0x48, 0x30, 0xff, 0x96, 0x13, 0xc3, + 0x86, 0x46, 0x7c, 0xca, 0x54, 0xbd, 0x3b, 0x77, 0xd8, 0xad, 0xd4, 0x67, 0x58, 0xbb, 0xf6, 0xed, + 0x60, 0xed, 0x32, 0xec, 0x5b, 0xbf, 0x20, 0xec, 0xbb, 0xfa, 0xfa, 0x93, 0xbb, 0x54, 0x35, 0x16, + 0x2f, 0x55, 0x25, 0x90, 0x72, 0xeb, 0xeb, 0x42, 0xca, 0x66, 0x29, 0xa4, 0x74, 0x4b, 0xcf, 0x71, + 0x4b, 0x86, 0xfb, 0xa7, 0xf9, 0x0c, 0x5c, 0x99, 0x6b, 0xeb, 0x80, 0x4b, 0xf8, 0x2e, 0x80, 0xcb, + 0x3f, 0x4a, 0x4c, 0xc1, 0xfc, 0x6c, 0xdf, 0x69, 0xc3, 0x13, 0x75, 0x5a, 0xb4, 0x1e, 0x75, 0xa8, + 0xc5, 0x18, 0x7d, 0x00, 0x75, 0xe1, 0x84, 0x02, 0x7d, 0xd7, 0xf3, 0x31, 0x14, 0x9e, 0x0e, 0x18, + 0x7b, 0xc6, 0x88, 0x65, 0x4a, 0x21, 0x74, 0x17, 0x5a, 0x69, 0x62, 0xa8, 0xcc, 0xbb, 0x99, 
0x5f, + 0x91, 0xe6, 0x51, 0xb2, 0x2c, 0x13, 0x17, 0x6b, 0x47, 0x34, 0x20, 0x96, 0x84, 0x44, 0x9b, 0xcb, + 0x6b, 0xbf, 0x48, 0x26, 0xd3, 0xb5, 0xa9, 0x38, 0xba, 0x0d, 0x8d, 0xf8, 0xfe, 0x27, 0x33, 0xac, + 0x7d, 0x78, 0x63, 0xb9, 0xd8, 0x24, 0xab, 0x94, 0xa0, 0xfe, 0xf7, 0x0a, 0xbc, 0x97, 0x25, 0x41, + 0x92, 0x6d, 0x09, 0x2a, 0x7d, 0xfb, 0x1d, 0xe9, 0x16, 0x6c, 0x4b, 0x18, 0x9c, 0x5d, 0x03, 0xe3, + 0x17, 0x89, 0x02, 0x57, 0xff, 0x5b, 0x15, 0xda, 0xb9, 0x0f, 0x51, 0x56, 0x98, 0x05, 0xb0, 0x90, + 0xdf, 0x5f, 0x5e, 0x20, 0x64, 0xf1, 0x69, 0x99, 0x39, 0x0e, 0x9a, 0x02, 0x30, 0x1c, 0x60, 0x97, + 0x70, 0x12, 0x88, 0x8a, 0x21, 0x4e, 0xcb, 0xa3, 0xf5, 0xb3, 0xf8, 0x34, 0xd1, 0x69, 0xe6, 0xd4, + 0x0b, 0x64, 0x24, 0x4d, 0x87, 0xaa, 0x4e, 0x28, 0x0a, 0xfd, 0x0e, 0xb6, 0xc7, 0xd4, 0x21, 0xa7, + 0x99, 0x23, 0x0d, 0xe9, 0xc8, 0xd3, 0xf5, 0x1d, 0xb9, 0x9f, 0xd7, 0x6b, 0x16, 0xcc, 0xe8, 0xef, + 0x43, 0xa7, 0x98, 0x97, 0xc2, 0x49, 0xea, 0x62, 0x3b, 0x8d, 0x96, 0xa2, 0x74, 0x04, 0x9d, 0x62, + 0x1e, 0xea, 0xff, 0xa9, 0xc2, 0xb5, 0x54, 0xdd, 0xc0, 0xf3, 0xfc, 0xc8, 0xb3, 0xe4, 0xd3, 0x44, + 0xe9, 0xb7, 0xb8, 0x0a, 0x9b, 0x9c, 0x72, 0x27, 0x6d, 0xb0, 0x92, 0x10, 0x35, 0x92, 0xfb, 0xbe, + 0xc3, 0x29, 0x53, 0x78, 0x31, 0x21, 0xe3, 0x1c, 0x79, 0x19, 0xd1, 0x80, 0x8c, 0xe4, 0x89, 0x6a, + 0x9a, 0x29, 0x2d, 0xe6, 0x44, 0xf7, 0x94, 0x70, 0x31, 0x0e, 0x66, 0x4a, 0xcb, 0xfc, 0xf1, 0x1d, + 0x87, 0x58, 0x22, 0x1c, 0x39, 0x40, 0x59, 0xe0, 0x4a, 0xa0, 0xca, 0x03, 0xea, 0xd9, 0x0a, 0x4e, + 0x2a, 0x4a, 0xf8, 0x89, 0x83, 0x00, 0xcf, 0xb5, 0xa6, 0x0c, 0x40, 0x4c, 0xa0, 0x9f, 0x40, 0xcd, + 0xc5, 0x4c, 0x15, 0xd4, 0xf7, 0x17, 0x4e, 0x59, 0x59, 0x04, 0x8c, 0x13, 0xcc, 0xe2, 0xea, 0x29, + 0x96, 0x75, 0x3f, 0x86, 0x66, 0xc2, 0xf8, 0x46, 0xd0, 0xe3, 0x2b, 0xb8, 0xbc, 0x70, 0x88, 0xd1, + 0x97, 0xb0, 0x97, 0x65, 0x54, 0xde, 0xa0, 0x02, 0x1b, 0xef, 0xbd, 0xd1, 0x33, 0x73, 0x85, 0x02, + 0xfd, 0x25, 0xec, 0x8a, 0x94, 0x39, 0x9a, 0xe0, 0x80, 0x5f, 0x10, 0x84, 0xfe, 0x14, 0x5a, 0xa9, + 0xc9, 0xd2, 0x9c, 0xe9, 0x42, 
0x73, 0x96, 0x3c, 0x19, 0xc5, 0x18, 0x3a, 0xa5, 0xf5, 0x01, 0xa0, + 0xbc, 0xbf, 0xaa, 0x92, 0x7f, 0xb0, 0x08, 0xbe, 0xae, 0x15, 0xcb, 0xb6, 0x14, 0x57, 0xd8, 0xeb, + 0xf0, 0x4f, 0x5b, 0xb0, 0x9b, 0x95, 0x42, 0xf1, 0x97, 0x5a, 0x04, 0x3d, 0x85, 0xce, 0x03, 0xf5, + 0x92, 0x9b, 0xdc, 0x8c, 0xd0, 0x59, 0x4f, 0x0d, 0xdd, 0x9b, 0xe5, 0x93, 0xb1, 0x47, 0xfa, 0x06, + 0xb2, 0xe0, 0x46, 0x51, 0x61, 0xf6, 0xaa, 0xf1, 0xfd, 0x33, 0x34, 0xa7, 0x52, 0x6f, 0x32, 0x71, + 0x50, 0x41, 0x5f, 0xc2, 0xf6, 0xe2, 0xdd, 0x1b, 0x2d, 0xe4, 0x42, 0xe9, 0x73, 0x40, 0x57, 0x3f, + 0x4b, 0x24, 0xf5, 0xff, 0x05, 0xec, 0x14, 0x2e, 0xa2, 0x48, 0x5f, 0x84, 0x14, 0x65, 0x17, 0xf5, + 0xee, 0xf7, 0xce, 0x94, 0x49, 0xb5, 0x7f, 0x0a, 0xcd, 0xe4, 0xe2, 0xb6, 0x18, 0xe6, 0xc2, 0x75, + 0xae, 0xdb, 0x59, 0xd4, 0x37, 0x0e, 0xf5, 0x0d, 0xf4, 0x59, 0xbc, 0x58, 0x00, 0xfb, 0xe5, 0xc5, + 0xb9, 0xeb, 0x4a, 0xf7, 0x4a, 0xc9, 0x15, 0x41, 0xdf, 0x40, 0x3f, 0x83, 0xb6, 0x18, 0x9d, 0xaa, + 0x37, 0xd4, 0x3d, 0x23, 0x7e, 0xb2, 0x37, 0x92, 0x27, 0x7b, 0xe3, 0x9e, 0xcb, 0xf8, 0xbc, 0x5b, + 0x82, 0xe1, 0x95, 0x82, 0x17, 0x70, 0xf9, 0x01, 0xe1, 0x19, 0xa4, 0x40, 0x3f, 0xf8, 0x5a, 0x60, + 0xab, 0xab, 0x17, 0xc5, 0x96, 0x51, 0x89, 0xbe, 0x81, 0xfe, 0x52, 0x81, 0x2b, 0x0f, 0x08, 0x2f, + 0x36, 0x69, 0xf4, 0x51, 0xb9, 0x91, 0x15, 0xcd, 0xbc, 0xfb, 0x64, 0xdd, 0x73, 0xbb, 0xa8, 0x56, + 0xdf, 0x40, 0xa7, 0x72, 0xdb, 0xd9, 0xf9, 0x43, 0xef, 0x96, 0x1e, 0xb4, 0x34, 0xfc, 0xfb, 0xab, + 0xa6, 0x93, 0xad, 0x7e, 0x3e, 0xf8, 0xe7, 0xeb, 0xfd, 0xca, 0xbf, 0x5e, 0xef, 0x57, 0xfe, 0xfb, + 0x7a, 0xbf, 0xf2, 0xab, 0x3b, 0x6f, 0xf8, 0x21, 0x26, 0xf7, 0xdb, 0x0e, 0x66, 0xd4, 0x72, 0x28, + 0xf1, 0xf8, 0xb0, 0x21, 0xbf, 0xda, 0x9d, 0xff, 0x07, 0x00, 0x00, 0xff, 0xff, 0x86, 0x50, 0xb1, + 0xb6, 0xfa, 0x19, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. 
@@ -1871,6 +1974,8 @@ type RepoServerServiceClient interface { ListRefs(ctx context.Context, in *ListRefsRequest, opts ...grpc.CallOption) (*Refs, error) // ListApps returns a list of apps in the repo ListApps(ctx context.Context, in *ListAppsRequest, opts ...grpc.CallOption) (*AppList, error) + // ListPlugins returns a list of cmp v2 plugins running as sidecar to reposerver + ListPlugins(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*PluginList, error) // Generate manifest for application in specified repo name and revision GetAppDetails(ctx context.Context, in *RepoServerAppDetailsQuery, opts ...grpc.CallOption) (*RepoAppDetailsResponse, error) // Get the meta-data (author, date, tags, message) for a specific revision of the repo @@ -1966,6 +2071,15 @@ func (c *repoServerServiceClient) ListApps(ctx context.Context, in *ListAppsRequ return out, nil } +func (c *repoServerServiceClient) ListPlugins(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*PluginList, error) { + out := new(PluginList) + err := c.cc.Invoke(ctx, "/repository.RepoServerService/ListPlugins", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repoServerServiceClient) GetAppDetails(ctx context.Context, in *RepoServerAppDetailsQuery, opts ...grpc.CallOption) (*RepoAppDetailsResponse, error) { out := new(RepoAppDetailsResponse) err := c.cc.Invoke(ctx, "/repository.RepoServerService/GetAppDetails", in, out, opts...) 
@@ -2007,6 +2121,8 @@ type RepoServerServiceServer interface { ListRefs(context.Context, *ListRefsRequest) (*Refs, error) // ListApps returns a list of apps in the repo ListApps(context.Context, *ListAppsRequest) (*AppList, error) + // ListPlugins returns a list of cmp v2 plugins running as sidecar to reposerver + ListPlugins(context.Context, *emptypb.Empty) (*PluginList, error) // Generate manifest for application in specified repo name and revision GetAppDetails(context.Context, *RepoServerAppDetailsQuery) (*RepoAppDetailsResponse, error) // Get the meta-data (author, date, tags, message) for a specific revision of the repo @@ -2037,6 +2153,9 @@ func (*UnimplementedRepoServerServiceServer) ListRefs(ctx context.Context, req * func (*UnimplementedRepoServerServiceServer) ListApps(ctx context.Context, req *ListAppsRequest) (*AppList, error) { return nil, status.Errorf(codes.Unimplemented, "method ListApps not implemented") } +func (*UnimplementedRepoServerServiceServer) ListPlugins(ctx context.Context, req *emptypb.Empty) (*PluginList, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListPlugins not implemented") +} func (*UnimplementedRepoServerServiceServer) GetAppDetails(ctx context.Context, req *RepoServerAppDetailsQuery) (*RepoAppDetailsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetAppDetails not implemented") } 
@@ -2167,6 +2286,24 @@ func _RepoServerService_ListApps_Handler(srv interface{}, ctx context.Context, d return interceptor(ctx, in, info, handler) } +func _RepoServerService_ListPlugins_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepoServerServiceServer).ListPlugins(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepoServerService/ListPlugins", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepoServerServiceServer).ListPlugins(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + func _RepoServerService_GetAppDetails_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoServerAppDetailsQuery) if err := dec(in); err != nil { @@ -2245,6 +2382,10 @@ var _RepoServerService_serviceDesc = grpc.ServiceDesc{ MethodName: "ListApps", Handler: _RepoServerService_ListApps_Handler, }, + { + MethodName: "ListPlugins", + Handler: _RepoServerService_ListPlugins_Handler, + }, { MethodName: "GetAppDetails", Handler: _RepoServerService_GetAppDetails_Handler, 
@@ -3116,6 +3257,81 @@ func (m *AppList) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *PluginInfo) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginInfo) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintRepository(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *PluginList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintRepository(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *RepoServerAppDetailsQuery) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) 
@@ -4202,6 +4418,40 @@ func (m *AppList) Size() (n int) { return n } +func (m *PluginInfo) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { + n += 1 + l + sovRepository(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *PluginList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovRepository(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *RepoServerAppDetailsQuery) Size() (n int) { if m == nil { return 0 
@@ -6838,6 +7088,174 @@ func (m *AppList) Unmarshal(dAtA []byte) error { } return nil } +func (m *PluginInfo) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginInfo: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginInfo: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipRepository(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthRepository + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
+ iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, &PluginInfo{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipRepository(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthRepository + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
+ iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *RepoServerAppDetailsQuery) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 80d81f42b51b0..98f2a4da2ecf6 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -17,6 +17,8 @@ import ( "strings" "time" + "github.com/golang/protobuf/ptypes/empty" + kubeyaml "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apimachinery/pkg/api/resource" @@ -229,6 +231,26 @@ func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (* return &res, nil } +// ListPlugins lists the contents of a GitHub repo +func (s *Service) ListPlugins(ctx context.Context, _ *empty.Empty) (*apiclient.PluginList, error) { + pluginSockFilePath := common.GetPluginSockFilePath() + + sockFiles, err := os.ReadDir(pluginSockFilePath) + if err != nil { + return nil, fmt.Errorf("failed to get plugins from dir %v, error=%w", pluginSockFilePath, err) + } + + plugins := []*apiclient.PluginInfo{} + for _, file := range sockFiles { + if file.Type() == os.ModeSocket { + plugins = append(plugins, &apiclient.PluginInfo{Name: strings.TrimSuffix(file.Name(), ".sock")}) + } + } + + res := apiclient.PluginList{Items: plugins} + return &res, nil +} + type operationSettings struct { sem *semaphore.Weighted noCache bool diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index d5b00ff841ee2..d2610d600a87a 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -4,6 +4,7 @@ option go_package = "github.com/argoproj/argo-cd/v2/reposerver/apiclient"; package repository; import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1/generated.proto"; +import "google/protobuf/empty.proto"; // ManifestRequest is a query for manifest generation. message ManifestRequest { 
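Review bot: The doc comment on the new `ListPlugins` in reposerver/repository/repository.go says it "lists the contents of a GitHub repo", which does not match the body: it reads the plugin socket directory and returns one `PluginInfo` per socket entry. I would replace it with `// ListPlugins returns the names of the CMP sidecar plugins, one per socket file found in the plugin socket directory.` Two behaviours also deserve a sentence in that comment. Any `os.ReadDir` failure becomes an RPC error rather than an empty list, which presumably includes a missing directory when no sidecar is configured. Each name is the socket file name with a trailing `.sock` stripped, so it is only as trustworthy as whatever can create files in that directory, and callers should treat it as an unvalidated label.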
@@ -107,6 +108,15 @@ message AppList { map apps = 1; } +message PluginInfo { + string name = 1; +} + +// PluginList returns the list of all cmp v2 plugins running as sidecars +message PluginList { + repeated PluginInfo items = 1; +} + // RepoServerAppDetailsQuery contains query information for app details request message RepoServerAppDetailsQuery { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repo = 1; @@ -230,6 +240,10 @@ service RepoServerService { rpc ListApps(ListAppsRequest) returns (AppList) { } + // ListPlugins returns a list of cmp v2 plugins running as sidecar to reposerver + rpc ListPlugins(google.protobuf.Empty) returns (PluginList) { + } + // Generate manifest for application in specified repo name and revision rpc GetAppDetails(RepoServerAppDetailsQuery) returns (RepoAppDetailsResponse) { } diff --git a/server/server.go b/server/server.go index ec257a0512187..ab5b3a6cff12a 100644 --- a/server/server.go +++ b/server/server.go @@ -779,7 +779,7 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { applicationSetService := applicationset.NewServer(a.db, a.KubeClientset, a.enf, a.Cache, a.AppClientset, a.appLister, a.appsetInformer, a.appsetLister, a.projLister, a.settingsMgr, a.Namespace, projectLock) projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db) appsInAnyNamespaceEnabled := len(a.ArgoCDServerOpts.ApplicationNamespaces) > 0 - settingsService := settings.NewServer(a.settingsMgr, a, a.DisableAuth, appsInAnyNamespaceEnabled) + settingsService := settings.NewServer(a.settingsMgr, a.RepoClientset, a, a.DisableAuth, appsInAnyNamespaceEnabled) accountService := account.NewServer(a.sessionMgr, a.settingsMgr, a.enf) notificationService := notification.NewServer(a.apiFactory) diff --git a/server/settings/settings.go b/server/settings/settings.go index 59e7f999df59d..ba8a582e58cdd 100644 
--- a/server/settings/settings.go +++ b/server/settings/settings.go @@ -2,6 +2,11 @@ package settings import ( "context" + "fmt" + + "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + ioutil "github.com/argoproj/argo-cd/v2/util/io" + "github.com/golang/protobuf/ptypes/empty" "github.com/ghodss/yaml" @@ -15,6 +20,7 @@ import ( // Server provides a Settings service type Server struct { mgr *settings.SettingsManager + repoClient apiclient.Clientset authenticator Authenticator disableAuth bool appsInAnyNamespaceEnabled bool @@ -25,8 +31,8 @@ type Authenticator interface { } // NewServer returns a new instance of the Settings service -func NewServer(mgr *settings.SettingsManager, authenticator Authenticator, disableAuth, appsInAnyNamespaceEnabled bool) *Server { - return &Server{mgr: mgr, authenticator: authenticator, disableAuth: disableAuth, appsInAnyNamespaceEnabled: appsInAnyNamespaceEnabled} +func NewServer(mgr *settings.SettingsManager, repoClient apiclient.Clientset, authenticator Authenticator, disableAuth, appsInAnyNamespaceEnabled bool) *Server { + return &Server{mgr: mgr, repoClient: repoClient, authenticator: authenticator, disableAuth: disableAuth, appsInAnyNamespaceEnabled: appsInAnyNamespaceEnabled} } // Get returns Argo CD settings @@ -56,7 +62,7 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin if err != nil { return nil, err } - plugins, err := s.plugins() + plugins, err := s.plugins(ctx) if err != nil { return nil, err } 
@@ -152,16 +158,32 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin return &set, nil } -func (s *Server) plugins() ([]*settingspkg.Plugin, error) { +func (s *Server) plugins(ctx context.Context) ([]*settingspkg.Plugin, error) { in, err := s.mgr.GetConfigManagementPlugins() if err != nil { return nil, err } - out := make([]*settingspkg.Plugin, len(in)) - for i, p := range in { - out[i] = &settingspkg.Plugin{Name: p.Name} + closer, client, err := s.repoClient.NewRepoServerClient() + if err != nil { + return nil, fmt.Errorf("error creating repo server client: %w", err) + } + defer ioutil.Close(closer) + pluginList, err := client.ListPlugins(ctx, &empty.Empty{}) + if err != nil { + return nil, fmt.Errorf("failed to list sidecar plugins from reposerver: %w", err) } + out := []*settingspkg.Plugin{} + for _, p := range in { + out = append(out, &settingspkg.Plugin{Name: p.Name}) + + } + if pluginList != nil && len(pluginList.Items) > 0 { + for _, p := range pluginList.Items { + out = append(out, &settingspkg.Plugin{Name: p.Name}) + } + } + return out, nil } From e379a9b745921f741bdf069587f036516c82f93b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Dec 2022 04:09:49 +0000 Subject: [PATCH 175/304] chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.54 to 0.9.55 (#11678) Bumps [github.com/ktrysmt/go-bitbucket](https://github.com/ktrysmt/go-bitbucket) from 0.9.54 to 0.9.55. - [Release notes](https://github.com/ktrysmt/go-bitbucket/releases) - [Commits](https://github.com/ktrysmt/go-bitbucket/compare/v0.9.54...v0.9.55) --- updated-dependencies: - dependency-name: github.com/ktrysmt/go-bitbucket dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
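Review bot: The rewritten `plugins(ctx)` in server/settings/settings.go returns an error when `NewRepoServerClient` or `ListPlugins` fails, and `Get` passes that error on (`plugins, err := s.plugins(ctx)` in the earlier hunk), so the whole settings response now depends on the repo server being reachable. If clients load settings before anything else, which is not visible from this hunk, a repo-server outage or a missing plugin directory would fail that call even though the ConfigMap plugins in `in` were read successfully. Consider logging the `ListPlugins` failure and returning only the ConfigMap plugins in that case. Two smaller points in the same function: the merged slice can contain the same name twice when a sidecar plugin shares a name with a ConfigMap plugin, and `out := make([]*settingspkg.Plugin, 0, len(in))` would replace the empty literal while the stray blank line inside the first loop can go.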
Signed-off-by: emirot --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7265d29a1fbf2..e499eab369c24 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( github.com/itchyny/gojq v0.12.9 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.54 + github.com/ktrysmt/go-bitbucket v0.9.55 github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect github.com/mattn/go-isatty v0.0.16 github.com/mattn/go-zglob v0.0.4 diff --git a/go.sum b/go.sum index abe46c6bbe8e4..c0db5467c35c1 100644 --- a/go.sum +++ b/go.sum @@ -729,8 +729,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.54 h1:QRuLyUCuxsWs+7EL5YLbvT6oijNWSmk2C4/yp1yIjM0= -github.com/ktrysmt/go-bitbucket v0.9.54/go.mod h1:aB/IUpoFE65X84soIfgUPT53bzp/jfYoffLN2mg3bFc= +github.com/ktrysmt/go-bitbucket v0.9.55 h1:eOrF7wWmG4wz5iPr7ymgyWLoti2OfmrhU2tmT6yhAu8= +github.com/ktrysmt/go-bitbucket v0.9.55/go.mod h1:y5wrrDHCGUFAtuC43GyLBeFigq7rwrh4HqeDOOyZT+A= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= From 18e661ddcb8144b7c7b130188ac1e7610a6ed5e8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:24:45 -0500 Subject: [PATCH 176/304] chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#11679) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- .github/workflows/ci-build.yaml | 18 +++++++++--------- .github/workflows/codeql.yml | 2 +- .github/workflows/image.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/update-snyk.yaml | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index fe763170daf33..0c0ddd60c5888 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: 
@@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: @@ -92,7 +92,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -155,7 +155,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -206,7 +206,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: @@ -250,7 +250,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup NodeJS uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1 with: 
@@ -287,7 +287,7 @@ jobs: sonar_secret: ${{ secrets.SONAR_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Restore node dependency cache @@ -366,7 +366,7 @@ jobs: GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b057e92a7f1e..fc9039dcab10c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 2ca494171a813..332d1c118aab8 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -32,7 +32,7 @@ jobs: - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 with: go-version: ${{ env.GOLANG_VERSION }} - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: path: src/github.com/argoproj/argo-cd diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 92bec58d8384d..d24f9e5c4afef 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -43,7 +43,7 @@ jobs: GIT_EMAIL: argoproj@gmail.com steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml index 3bed04f42a02c..02c83f6fab78a 100644 --- a/.github/workflows/update-snyk.yaml +++ b/.github/workflows/update-snyk.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Build reports From 8238d8db53d74395755decf0f5b3b751463b83fb Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 13 Dec 2022 15:29:44 +0100 Subject: [PATCH 177/304] chore: add Mercedes-Benz Tech Innovation to user list (#11682) Signed-off-by: Marco Lecheler Signed-off-by: Marco Lecheler Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index cc398ecfb3f93..78eb50894ce53 100644 --- a/USERS.md +++ b/USERS.md @@ -135,6 +135,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Max Kelsen](https://www.maxkelsen.com/) 1. [MeDirect](https://medirect.com.mt/) 1. [Meican](https://meican.com/) +1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) 1. [Mirantis](https://mirantis.com/) From 530bff0beff839313204822a916038e4b4f501b7 Mon Sep 17 00:00:00 2001 From: asingh <11219262+ashutosh16@users.noreply.github.com> Date: Tue, 13 Dec 2022 06:35:04 -0800 Subject: [PATCH 178/304] fix: appname in searchbar (#11493) * fix: appname in searchbar 
Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: appname in searchbar Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: emirot --- .../components/applications-list/applications-list.tsx | 5 +++-- .../components/applications-list/applications-tiles.tsx | 4 ++-- .../application-selector/application-selector.tsx | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ui/src/app/applications/components/applications-list/applications-list.tsx b/ui/src/app/applications/components/applications-list/applications-list.tsx index 9b5e66417a2b4..42ee2da8a6899 100644 --- a/ui/src/app/applications/components/applications-list/applications-list.tsx +++ b/ui/src/app/applications/components/applications-list/applications-list.tsx @@ -7,7 +7,7 @@ import {RouteComponentProps} from 'react-router'; import {combineLatest, from, merge, Observable} from 'rxjs'; import {bufferTime, delay, filter, map, mergeMap, repeat, retryWhen} from 'rxjs/operators'; import {AddAuthToToolbar, ClusterCtx, DataLoader, EmptyState, ObservableQuery, Page, Paginate, Query, Spinner} from '../../../shared/components'; -import {Consumer, Context, ContextApis} from '../../../shared/context'; +import {AuthSettingsCtx, Consumer, Context, ContextApis} from '../../../shared/context'; import * as models from '../../../shared/models'; import {AppsListViewKey, AppsListPreferences, AppsListViewType, HealthStatusBarPreferences, services} from '../../../shared/services'; import {ApplicationCreatePanel} from '../application-create-panel/application-create-panel'; @@ -197,6 +197,7 @@ const SearchBar = (props: {content: string; ctx: ContextApis; apps: models.Appli const {useKeybinding} = React.useContext(KeybindingContext); const [isFocused, setFocus] = React.useState(false); + const useAuthSettingsCtx = React.useContext(AuthSettingsCtx); useKeybinding({ keys: Key.SLASH, 
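Review bot: The new local `useAuthSettingsCtx` in `SearchBar` holds the value returned by `React.useContext`, not a hook, and the `use` prefix is the React naming convention for hooks, so the name reads as something callable. `const authSettingsCtx = React.useContext(AuthSettingsCtx);` says what it is. The hunks in applications-tiles.tsx and application-selector.tsx rename an existing `authSettingsCtx` to the same misleading name without changing behaviour, and those two renames could simply be dropped from the commit. `SearchBar`'s body continues outside this hunk.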
@@ -265,7 +266,7 @@ const SearchBar = (props: {content: string; ctx: ContextApis; apps: models.Appli }} onChange={e => ctx.navigation.goto('.', {search: e.target.value}, {replace: true})} value={content || ''} - items={apps.map(app => app.metadata.namespace + '/' + app.metadata.name)} + items={apps.map(app => AppUtils.appQualifiedName(app, useAuthSettingsCtx?.appsInAnyNamespaceEnabled))} /> ); }; diff --git a/ui/src/app/applications/components/applications-list/applications-tiles.tsx b/ui/src/app/applications/components/applications-list/applications-tiles.tsx index f54bebef1e33b..e77cc817250a7 100644 --- a/ui/src/app/applications/components/applications-list/applications-tiles.tsx +++ b/ui/src/app/applications/components/applications-list/applications-tiles.tsx @@ -53,7 +53,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat const appRef = {ref: React.useRef(null), set: false}; const appContainerRef = React.useRef(null); const appsPerRow = useItemsPerContainer(appRef.ref, appContainerRef); - const authSettingsCtx = React.useContext(AuthSettingsCtx); + const useAuthSettingsCtx = React.useContext(AuthSettingsCtx); const {useKeybinding} = React.useContext(KeybindingContext); @@ -131,7 +131,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat - {AppUtils.appQualifiedName(app, authSettingsCtx?.appsInAnyNamespaceEnabled)} + {AppUtils.appQualifiedName(app, useAuthSettingsCtx?.appsInAnyNamespaceEnabled)} diff --git a/ui/src/app/shared/components/application-selector/application-selector.tsx b/ui/src/app/shared/components/application-selector/application-selector.tsx index 6b7b74212bf05..786d39c4cd6cd 100644 --- a/ui/src/app/shared/components/application-selector/application-selector.tsx +++ b/ui/src/app/shared/components/application-selector/application-selector.tsx 
@@ -6,7 +6,7 @@ import {appInstanceName, appQualifiedName, ComparisonStatusIcon, HealthStatusIco import {AuthSettingsCtx} from '../../context'; export const ApplicationSelector = ({apps, formApi}: {apps: models.Application[]; formApi: FormFunctionProps}) => { - const authSettingsCtx = React.useContext(AuthSettingsCtx); + const useAuthSettingsCtx = React.useContext(AuthSettingsCtx); return ( <>
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.2/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.4/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade minimatch to version 3.0.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.24.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/soheilhy/cmux@0.1.5 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#27bd8ce31415 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 k8s.io/client-go/testing@0.24.2 @@ -2756,312 +3045,6 @@

      References

    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - - - -
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html index 12e8e9dc2fb96..e019f47a34679 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:15:52 am

    +

    December 16th 2022, 9:16:31 pm

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index d725bd1b474d1..250dd734e2a59 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:15:57 am

    +

    December 16th 2022, 9:16:36 pm

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index f293ce32aed42..ef6b46f3e38d7 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:16:21 am

    +

    December 16th 2022, 9:17:01 pm

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    81 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    91 vulnerable dependency paths
    162 dependencies
    @@ -655,6 +655,76 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-46908

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + +

    Uncontrolled Recursion

    @@ -873,6 +943,177 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Locking

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssl/libssl3 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.7 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssl@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream openssl package.

    +

    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    References

    + + +
    + + +

    CVE-2021-41617

    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index 7cf84960c9178..7598fd171e1f2 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:16:28 am

    +

    December 16th 2022, 9:17:07 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-install.html b/docs/snyk/v2.3.12/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.3.11/argocd-iac-install.html rename to docs/snyk/v2.3.12/argocd-iac-install.html index 4067e8eccc0fc..7ec43df20f1d7 100644 --- a/docs/snyk/v2.3.11/argocd-iac-install.html +++ b/docs/snyk/v2.3.12/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:24:40 am

    +

    December 16th 2022, 9:24:01 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.3.11/argocd-iac-namespace-install.html rename to docs/snyk/v2.3.12/argocd-iac-namespace-install.html index a2de3838730a2..b3c614a0f3520 100644 --- a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:25:20 am

    +

    December 16th 2022, 9:24:33 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/argocd-test.html b/docs/snyk/v2.3.12/argocd-test.html similarity index 97% rename from docs/snyk/v2.3.11/argocd-test.html rename to docs/snyk/v2.3.12/argocd-test.html index b4e5afffae90b..3c9029e366f89 100644 --- a/docs/snyk/v2.3.11/argocd-test.html +++ b/docs/snyk/v2.3.12/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:22:35 am

    +

    December 16th 2022, 9:22:22 pm

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    114 vulnerable dependency paths
    +
    12 known vulnerabilities
    +
    113 vulnerable dependency paths
    1467 dependencies
    @@ -766,13 +766,13 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2 + github.com/prometheus/client_golang/prometheus/promhttp
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.23.1 and others
  • @@ -786,209 +786,564 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 + github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - - golang.org/x/net/http2@#491a49abca63 - - + -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
  • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@#491a49abca63 - - +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    +

    Note: In order to be affected, an instrumented software must:

    +
      +
    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      +
    2. +
    3. not filter any specific methods (e.g GET) before middleware

      +
    4. +
    5. pass metric with method label name to the middleware

      +
    6. +
    7. not have any firewall/LB/proxy that filters away requests with unknown method.

      +
    8. +
    +

    Workarounds:

    +
      +
    1. removing the method label name from counter/gauge used in the InstrumentHandler

      +
    2. +
    3. turning off affected promhttp handlers

      +
    4. +
    5. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      +
    6. +
    7. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      +
    8. +
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    +

    References

    + -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
    -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - + -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
  • +
    +

    Server-side Request Forgery (SSRF)

    +
    - +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/transport/spdy@0.23.1 + git-url-parse@11.1.2 - k8s.io/client-go/rest@0.23.1 + git-up@4.0.5 - golang.org/x/net/http2@#491a49abca63 + parse-url@6.0.5
    • +
    + +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    PoC:

    +
    import parseUrl from "parse-url";
    +        import fetch from 'node-fetch';
    +        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    +        if(parsed.resource=="localhost"){
    +        console.log("internal network access is blocked")
    +        }
    +        else{
    +           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    +                console.log(response)
    +         }
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + git-url-parse@11.1.2 - k8s.io/client-go/rest@0.23.1 + git-up@4.0.5 - golang.org/x/net/http2@#491a49abca63 + parse-url@6.0.5
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
    - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
  • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    +
    
    +        const parseUrl = require("parse-url");
    +        const Url = require("url");
             
    -                            
  • + const express = require('express'); + const app = express(); + + var url = "https://www.google.com:x@fakesite.com:x"; + parsed = parseUrl(url); + console.log("[*]`parse-url` output: ") + console.log(parsed); + + parsed2 = Url.parse(url); + console.log("[*]`url` output: ") + console.log(parsed2) + + app.get('/', (req, res) => { + if (parsed.host == "www.google.com") { + res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>") + } + }) + + app.listen(8888,"0.0.0.0"); + +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + node-fetch +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, argo-ui@1.0.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 + argo-ui@1.0.0 - k8s.io/client-go/rest@0.23.1 + portable-fetch@3.0.0 - golang.org/x/net/http2@#491a49abca63 + node-fetch@1.7.3
    • +
    + +
    + +
    + +

    Overview

    +

    node-fetch is a light-weight module that brings window.fetch to node.js

    +

    Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.

    +

    Remediation

    +

    Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + node-fetch +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, argo-ui@1.0.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 + argo-ui@1.0.0 - k8s.io/client-go/rest@0.23.1 + portable-fetch@3.0.0 - golang.org/x/net/http2@#491a49abca63 + node-fetch@1.7.3
    • +
    + +
    + +
    + +

    Overview

    +

    node-fetch is a light-weight module that brings window.fetch to node.js

    +

    Affected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.

    +

    Remediation

    +

    Upgrade node-fetch to version 2.6.1, 3.0.0-beta.9 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + minimatch +
    • + +
    • Introduced through: + + argo-cd-ui@1.0.0 and minimatch@3.0.4 + +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 + argo-cd-ui@1.0.0 - golang.org/x/net/http2@#491a49abca63 + minimatch@3.0.4
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - google.golang.org/grpc@1.15.0 + redoc@2.0.0-rc.64 - google.golang.org/grpc/internal/transport@1.15.0 + @redocly/openapi-core@1.0.0-beta.82 - golang.org/x/net/http2@#491a49abca63 + minimatch@3.0.4
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 +
    + +
    + +
    + +

    Overview

    +

    minimatch is a minimal matching utility.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade minimatch to version 3.0.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.23.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 k8s.io/client-go/rest@0.23.1 @@ -1001,11 +1356,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a golang.org/x/net/http2@#491a49abca63 @@ -1016,11 +1367,18 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#91deed20b998 + k8s.io/apimachinery/pkg/util/net@0.23.1 - k8s.io/client-go/tools/cache@0.23.1 + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.23.1 + github.com/soheilhy/cmux@0.1.5 golang.org/x/net/http2@#491a49abca63 @@ -1031,8 +1389,6 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.23.1 - k8s.io/client-go/tools/cache@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1046,9 +1402,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/discovery@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1061,9 +1415,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/auth@0.23.1 + k8s.io/client-go/dynamic@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1076,9 +1428,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#91deed20b998 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/transport/spdy@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1091,9 +1441,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 k8s.io/client-go/rest@0.23.1 @@ -1106,8 +1454,6 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.23.1 - k8s.io/client-go/testing@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1121,9 +1467,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 + k8s.io/client-go/kubernetes@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1136,11 +1480,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - k8s.io/apimachinery/pkg/util/net@0.23.1 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1151,11 +1493,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/transport@0.23.1 + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - k8s.io/apimachinery/pkg/util/net@0.23.1 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1166,11 +1506,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - - google.golang.org/grpc@1.15.0 + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1181,11 +1519,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - - google.golang.org/grpc@1.15.0 + k8s.io/apimachinery/pkg/watch@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/apimachinery/pkg/util/net@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1196,8 +1532,6 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - google.golang.org/grpc@1.15.0 google.golang.org/grpc/internal/transport@1.15.0 @@ -1211,11 +1545,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.15.0 + k8s.io/kubectl/pkg/util/openapi@0.23.1 - google.golang.org/grpc@1.15.0 + k8s.io/client-go/discovery@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1226,11 +1560,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + k8s.io/client-go/listers/core/v1@0.23.1 - google.golang.org/grpc@1.15.0 + k8s.io/client-go/tools/cache@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1241,11 +1575,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + github.com/argoproj/notifications-engine/pkg/api@#91deed20b998 - google.golang.org/grpc@1.15.0 + k8s.io/client-go/tools/cache@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1256,11 +1590,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + k8s.io/client-go/informers/core/v1@0.23.1 - google.golang.org/grpc@1.15.0 + k8s.io/client-go/tools/cache@0.23.1 - google.golang.org/grpc/internal/transport@1.15.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1271,11 +1605,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@0.6.2 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 + k8s.io/client-go/informers@0.23.1 - k8s.io/client-go/discovery@0.23.1 + k8s.io/client-go/tools/cache@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1288,11 +1620,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@0.6.2 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 + k8s.io/client-go/tools/clientcmd@0.23.1 - k8s.io/client-go/discovery@0.23.1 + k8s.io/client-go/tools/auth@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1305,11 +1635,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@0.6.2 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 + github.com/argoproj/notifications-engine/pkg/controller@#91deed20b998 - k8s.io/client-go/discovery@0.23.1 + k8s.io/client-go/tools/cache@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1322,11 +1650,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#91deed20b998 - - k8s.io/client-go/tools/clientcmd@0.23.1 + k8s.io/client-go/discovery/fake@0.23.1 - k8s.io/client-go/tools/auth@0.23.1 + k8s.io/client-go/testing@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1339,11 +1665,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.23.1 - - k8s.io/client-go/tools/remotecommand@0.23.1 + k8s.io/client-go/kubernetes/fake@0.23.1 - k8s.io/client-go/transport/spdy@0.23.1 + k8s.io/client-go/testing@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -1356,13 +1680,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + k8s.io/client-go/tools/remotecommand@0.23.1 - k8s.io/apimachinery/pkg/watch@0.23.1 + k8s.io/client-go/transport/spdy@0.23.1 - k8s.io/apimachinery/pkg/util/net@0.23.1 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#491a49abca63 @@ -1373,8 +1695,245 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.23.1 - + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.15.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.15.0 + + google.golang.org/grpc/internal/transport@1.15.0 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@0.6.2 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@0.6.2 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@0.6.2 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#91deed20b998 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/auth@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.23.1 + + k8s.io/client-go/tools/remotecommand@0.23.1 + + k8s.io/client-go/transport/spdy@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.23.1 + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 k8s.io/apimachinery/pkg/watch@0.23.1 @@ -2284,592 +2843,86 @@

      Detailed paths

      k8s.io/kubectl/pkg/util/openapi@0.23.1 - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - -
      - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.6.2 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#91deed20b998 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#491a49abca63 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - decode-uri-component -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.1.2 - - git-up@4.0.5 - - parse-url@6.0.5 - - parse-path@4.0.3 - - query-string@6.14.1 - - decode-uri-component@0.2.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation, when the hash string # kun%ea%ba%5a%ba is being parsed by decodeUriComponent.

    -

    PoC

    -
    const decodeUriComponent = require('decode-uri-component');
    -        
    -        var x = decodeUriComponent('%ea%ba%5a%ba');
    -        
    -        console.log(x);
    -        
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade decode-uri-component to version 0.2.2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.1.2 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.1.2 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.1.2 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - node-fetch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, argo-ui@1.0.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - portable-fetch@3.0.0 - - node-fetch@1.7.3 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    node-fetch is a light-weight module that brings window.fetch to node.js

    -

    Affected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a Location response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.

    -

    Remediation

    -

    Upgrade node-fetch to version 2.6.7, 3.1.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - node-fetch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, argo-ui@1.0.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - portable-fetch@3.0.0 - - node-fetch@1.7.3 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    node-fetch is a light-weight module that brings window.fetch to node.js

    -

    Affected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.

    -

    Remediation

    -

    Upgrade node-fetch to version 2.6.1, 3.0.0-beta.9 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - argo-cd-ui@1.0.0 and minimatch@3.0.4 - -
    • -
    - -
    - + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + -

    Detailed paths

    + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@0.6.2 + + k8s.io/client-go/kubernetes/scheme@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63 + + -
      +
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - minimatch@3.0.4 + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - redoc@2.0.0-rc.64 + github.com/argoproj/notifications-engine/pkg/cmd@#91deed20b998 - @redocly/openapi-core@1.0.0-beta.82 + k8s.io/client-go/tools/clientcmd@0.23.1 - minimatch@3.0.4 + k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#491a49abca63 @@ -2881,80 +2934,34 @@

      Detailed paths


      Overview

      -

      minimatch is a minimal matching utility.

      -

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      -

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      -

      Let’s take the following regular expression as an example:

      -
      regex = /A(B|C+)+D/
      -        
      -

      This regular expression accomplishes the following:

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

        -
      • A The string must start with the letter 'A'
      • -
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
      • D Finally, we ensure this section of the string ends with a 'D'
      • +
      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
      • +
      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
      -

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      -

      It most cases, it doesn't take very long for a regex engine to find a match:

      -
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
      -        0.04s user 0.01s system 95% cpu 0.052 total
      -        
      -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
      -        1.79s user 0.02s system 99% cpu 1.812 total
      -        
      -

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      -

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      -

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      -
        -
      1. CCC
      2. -
      3. CC+C
      4. -
      5. C+CC
      6. -
      7. C+C+C.
      8. -
      -

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      -

      From there, the number of steps the engine must use to validate a string just continues to grow.

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      -

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade minimatch to version 3.0.5 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      References


  • @@ -3051,108 +3058,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/prometheus/client_golang/prometheus/promhttp -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    -

    Note: In order to be affected, an instrumented software must:

    -
      -
    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      -
    2. -
    3. not filter any specific methods (e.g GET) before middleware

      -
    4. -
    5. pass metric with method label name to the middleware

      -
    6. -
    7. not have any firewall/LB/proxy that filters away requests with unknown method.

      -
    8. -
    -

    Workarounds:

    -
      -
    1. removing the method label name from counter/gauge used in the InstrumentHandler

      -
    2. -
    3. turning off affected promhttp handlers

      -
    4. -
    5. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      -
    6. -
    7. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      -
    8. -
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    -

    References

    - - -
    - - -

    Insecure Randomness

    diff --git a/docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html similarity index 99% rename from docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html rename to docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html index 05fbac446368b..5de247eb04b9d 100644 --- a/docs/snyk/v2.5.4/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:18:16 am

    +

    December 16th 2022, 9:22:26 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html similarity index 99% rename from docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html rename to docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html index 561f4eee1f201..66f77b29a3ced 100644 --- a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:22:44 am

    +

    December 16th 2022, 9:22:29 pm

    Scanned the following path: diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html similarity index 99% rename from docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html rename to docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html index 752d1a31a2582..ee06eca849925 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:23:00 am

    +

    December 16th 2022, 9:22:43 pm

    Scanned the following path: @@ -1035,6 +1035,7 @@

    References

  • FEDORA
  • MLIST
  • GENTOO
  • +
  • CONFIRM

  • @@ -3391,6 +3392,7 @@

    References

  • FULLDISC
  • FEDORA
  • FEDORA
  • +
  • MLIST

  • @@ -3487,6 +3489,7 @@

    References

  • FEDORA
  • CONFIRM
  • FULLDISC
  • +
  • MLIST

  • @@ -5110,6 +5113,8 @@

    References

  • CONFIRM
  • CONFIRM
  • FULLDISC
  • +
  • FULLDISC
  • +
  • CONFIRM

  • @@ -5184,6 +5189,8 @@

    References

  • CONFIRM
  • CONFIRM
  • FULLDISC
  • +
  • FULLDISC
  • +
  • CONFIRM

  • diff --git a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html similarity index 87% rename from docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html rename to docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html index 34bcd8e7894cc..c0899cf61ba0a 100644 --- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    December 11th 2022, 12:23:32 am

    +

    December 16th 2022, 9:23:08 pm

    Scanned the following path:
      -
    • quay.io/argoproj/argocd:v2.3.11/argoproj/argocd (deb)
    • +
    • quay.io/argoproj/argocd:v2.3.12/argoproj/argocd (deb)
    -
    18 known vulnerabilities
    -
    89 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    91 vulnerable dependency paths
    162 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + @@ -507,7 +507,7 @@

    Off-by-one Error

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and systemd/libsystemd0@249.11-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.3.12 and systemd/libsystemd0@249.11-0ubuntu3.6
  • @@ -520,7 +520,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 systemd/libsystemd0@249.11-0ubuntu3.6 @@ -529,7 +529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 apt@2.4.8 @@ -540,7 +540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -551,7 +551,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 util-linux@2.37.2-4ubuntu3 @@ -562,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -573,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 apt@2.4.8 @@ -586,7 +586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 systemd/libudev1@249.11-0ubuntu3.6 @@ -595,7 +595,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 libfido2/libfido2-1@1.10.0-1 @@ -606,7 +606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 util-linux@2.37.2-4ubuntu3 @@ -617,7 +617,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 apt@2.4.8 @@ -657,7 +657,7 @@

      References

      -

      Improper Validation of Array Index

      +

      CVE-2022-46908

      @@ -679,7 +679,7 @@

      Improper Validation of Array Index

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.3.12, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -691,11 +691,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg@2.2.27-3ubuntu2.1 - sqlite3/libsqlite3-0@3.37.2-2 + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -707,35 +707,31 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream sqlite3 package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      Remediation

      -

      Upgrade Ubuntu:22.04 sqlite3 to version 3.37.2-2ubuntu0.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References


      -
      -

      Use After Free

      +
      +

      Uncontrolled Recursion

      -
      - medium severity +
      + low severity

      @@ -747,13 +743,13 @@

      Use After Free

    • Vulnerable module: - expat/libexpat1 + pcre3/libpcre3
    • Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others
    @@ -765,11 +761,20 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - git@1:2.34.1-1ubuntu1.5 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 + + grep@3.7-1build1 - expat/libexpat1@2.4.7-1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -781,41 +786,33 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream expat package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

      +

      Note: Versions mentioned in the description apply to the upstream pcre3 package.

      +

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      Remediation

      -

      Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 pcre3.

      References


      -
      -

      Use After Free

      +
      +

      Release of Invalid Pointer or Reference

      -
      - medium severity +
      + low severity

      @@ -827,13 +824,13 @@

      Use After Free

    • Vulnerable module: - expat/libexpat1 + patch
    • Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 and patch@2.7.6-7build2 - docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others
    @@ -845,11 +842,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - git@1:2.34.1-1ubuntu1.5 - - expat/libexpat1@2.4.7-1 + patch@2.7.6-7build2 @@ -861,42 +856,29 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream expat package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

      +

      Note: Versions mentioned in the description apply to the upstream patch package.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      Remediation

      -

      Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.2 or higher.

      +

      There is no fixed version for Ubuntu:22.04 patch.

      References


      -
      -

      Insufficient Verification of Data Authenticity

      +
      +

      Double Free

      -
      - medium severity +
      + low severity

      @@ -908,12 +890,12 @@

      Insufficient Verification of Data Authenticity

    • Vulnerable module: - ca-certificates + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and ca-certificates@20211016 + docker-image|quay.io/argoproj/argocd@v2.3.12 and patch@2.7.6-7build2
    @@ -926,9 +908,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - ca-certificates@20211016 + patch@2.7.6-7build2 @@ -940,27 +922,30 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream ca-certificates package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

      +

      Note: Versions mentioned in the description apply to the upstream patch package.

      +

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      Remediation

      -

      Upgrade Ubuntu:22.04 ca-certificates to version 20211016ubuntu0.22.04.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 patch.

      References


      -

      Time-of-check Time-of-use (TOCTOU)

      +

      Improper Locking

      @@ -976,12 +961,12 @@

      Time-of-check Time-of-use (TOCTOU)

    • Vulnerable module: - shadow/passwd + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and shadow/passwd@1:4.8.1-2ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.3.12 and openssl/libssl3@3.0.2-0ubuntu1.7
    @@ -994,258 +979,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - adduser@3.118ubuntu5 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - openssh/openssh-client@1:8.9p1-3 + libfido2/libfido2-1@1.10.0-1 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 + + openssh/openssh-client@1:8.9p1-3 - shadow/login@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - - - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.1 or higher.

    -

    References

    - - -
    - - - - -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.3.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - grep@3.7-1build1 + git@1:2.34.1-1ubuntu1.5 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream pcre3 package.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - - - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.3.11 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - patch@2.7.6-7build2 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream patch package.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - - - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.3.11 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 + + openssl@3.0.2-0ubuntu1.7 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 - patch@2.7.6-7build2 + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 @@ -1257,25 +1097,21 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream patch package.

      -

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      +

      Note: Versions mentioned in the description apply to the upstream openssl package.

      +

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


  • @@ -1301,7 +1137,7 @@

    CVE-2021-41617

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.3.12 and openssh/openssh-client@1:8.9p1-3
  • @@ -1314,7 +1150,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 openssh/openssh-client@1:8.9p1-3 @@ -1377,7 +1213,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.3.12 and openssh/openssh-client@1:8.9p1-3
    @@ -1390,7 +1226,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 openssh/openssh-client@1:8.9p1-3 @@ -1450,7 +1286,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.3.12 and ncurses/libtinfo6@6.3-2
    @@ -1463,7 +1299,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/libtinfo6@6.3-2 @@ -1472,7 +1308,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 bash@5.1-6ubuntu1 @@ -1483,7 +1319,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/libncursesw6@6.3-2 @@ -1494,7 +1330,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 less@590-1build1 @@ -1505,7 +1341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 libedit/libedit2@3.1-20210910-1build1 @@ -1516,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/libncurses6@6.3-2 @@ -1527,7 +1363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/ncurses-bin@6.3-2 @@ -1538,7 +1374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 procps@2:3.3.17-6ubuntu2 @@ -1549,7 +1385,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 util-linux@2.37.2-4ubuntu3 @@ -1560,7 +1396,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1575,7 +1411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1590,7 +1426,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/libncursesw6@6.3-2 @@ -1599,7 +1435,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 procps@2:3.3.17-6ubuntu2 @@ -1610,7 +1446,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1625,7 +1461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/libncurses6@6.3-2 @@ -1634,7 +1470,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 procps@2:3.3.17-6ubuntu2 @@ -1645,7 +1481,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/ncurses-base@6.3-2 @@ -1654,7 +1490,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 ncurses/ncurses-bin@6.3-2 @@ -1711,7 +1547,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.3.12 and krb5/libk5crypto3@1.19.2-2
    @@ -1724,7 +1560,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 krb5/libk5crypto3@1.19.2-2 @@ -1733,11 +1569,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1754,11 +1590,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1777,7 +1613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 krb5/libkrb5-3@1.19.2-2 @@ -1786,11 +1622,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1807,7 +1643,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 krb5/libgssapi-krb5-2@1.19.2-2 @@ -1816,7 +1652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 openssh/openssh-client@1:8.9p1-3 @@ -1827,7 +1663,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 git@1:2.34.1-1ubuntu1.5 @@ -1840,7 +1676,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 git@1:2.34.1-1ubuntu1.5 @@ -1855,11 +1691,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1874,7 +1710,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 meta-common-packages@meta @@ -1932,7 +1768,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.3.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -1945,7 +1781,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -1954,7 +1790,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 apt@2.4.8 @@ -1965,7 +1801,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1976,7 +1812,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1987,7 +1823,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1998,7 +1834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2011,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2024,7 +1860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2033,7 +1869,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2044,7 +1880,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2057,7 +1893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2066,7 +1902,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2077,7 +1913,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2086,7 +1922,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2097,7 +1933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2106,7 +1942,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2117,7 +1953,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2130,7 +1966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2143,7 +1979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2152,7 +1988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2163,7 +1999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2176,7 +2012,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2189,7 +2025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2198,7 +2034,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2209,7 +2045,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2218,7 +2054,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2229,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2238,7 +2074,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2249,7 +2085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2300,7 +2136,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.3.12 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2313,7 +2149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2322,7 +2158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 meta-common-packages@meta @@ -2380,7 +2216,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11, git@1:2.34.1-1ubuntu1.5 and others + docker-image|quay.io/argoproj/argocd@v2.3.12, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2392,7 +2228,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 git@1:2.34.1-1ubuntu1.5 @@ -2403,7 +2239,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 git@1:2.34.1-1ubuntu1.5 @@ -2412,7 +2248,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 git-lfs@3.0.2-1 @@ -2468,7 +2304,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.3.12 and coreutils@8.32-4.1ubuntu1
    @@ -2481,7 +2317,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 coreutils@8.32-4.1ubuntu1 @@ -2537,7 +2373,7 @@

      CVE-2022-3715

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.3.12 and bash@5.1-6ubuntu1
    @@ -2550,7 +2386,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.3.11 + docker-image|quay.io/argoproj/argocd@v2.3.12 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html similarity index 99% rename from docs/snyk/v2.3.11/redis_6.2.7-alpine.html rename to docs/snyk/v2.3.12/redis_6.2.7-alpine.html index 35ea6a87a9e6a..f42ea08c81282 100644 --- a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:23:38 am

      +

      December 16th 2022, 9:23:13 pm

      Scanned the following path: diff --git a/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html deleted file mode 100644 index 3d49eb60e77be..0000000000000 --- a/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      December 11th 2022, 12:20:37 am

      -
      -
      - Scanned the following path: -
        -
      • ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)
      • -
      -
      - -
      -
      0 known vulnerabilities
      -
      0 vulnerable dependency paths
      -
      3 dependencies
      -
      -
      -
      -
      -
      -
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.3.11/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.3.12/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    - - - - - - -
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex
    Package Manager deb
    - -
    - No known vulnerabilities detected. -
    - - - - diff --git a/docs/snyk/v2.4.17/argocd-iac-install.html b/docs/snyk/v2.4.18/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.4.17/argocd-iac-install.html rename to docs/snyk/v2.4.18/argocd-iac-install.html index ce7b3954b2ef1..f38dc933f9fe4 100644 --- a/docs/snyk/v2.4.17/argocd-iac-install.html +++ b/docs/snyk/v2.4.18/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:22:10 am

    +

    December 16th 2022, 9:22:00 pm

    Scanned the following path: diff --git a/docs/snyk/v2.4.17/argocd-iac-namespace-install.html b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.4.17/argocd-iac-namespace-install.html rename to docs/snyk/v2.4.18/argocd-iac-namespace-install.html index 47797491c2f83..797f20db75f51 100644 --- a/docs/snyk/v2.4.17/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:22:20 am

    +

    December 16th 2022, 9:22:08 pm

    Scanned the following path: diff --git a/docs/snyk/v2.4.17/argocd-test.html b/docs/snyk/v2.4.18/argocd-test.html similarity index 97% rename from docs/snyk/v2.4.17/argocd-test.html rename to docs/snyk/v2.4.18/argocd-test.html index 95ce60e321cb2..9801ee47b9a79 100644 --- a/docs/snyk/v2.4.17/argocd-test.html +++ b/docs/snyk/v2.4.18/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:20:28 am

    +

    December 16th 2022, 9:20:39 pm

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    10 known vulnerabilities
    -
    133 vulnerable dependency paths
    +
    9 known vulnerabilities
    +
    132 vulnerable dependency paths
    1648 dependencies
    @@ -592,13 +592,13 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2 + github.com/prometheus/client_golang/prometheus/promhttp
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.23.1 and others
  • @@ -612,9 +612,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 + github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 @@ -623,20 +621,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - - golang.org/x/net/http2@#9d032be2e588 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + sigs.k8s.io/controller-runtime@0.11.0 - k8s.io/apimachinery/pkg/util/net@0.23.1 + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - golang.org/x/net/http2@#9d032be2e588 + github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 @@ -645,123 +634,422 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/soheilhy/cmux@0.1.5 + sigs.k8s.io/controller-runtime@0.11.0 - golang.org/x/net/http2@#9d032be2e588 - - - -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - k8s.io/client-go/tools/cache@0.23.1 + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - k8s.io/client-go/rest@0.23.1 + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - golang.org/x/net/http2@#9d032be2e588 + github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - - + -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - - +
  • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - - +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    +

    Note: In order to be affected, an instrumented software must:

    +
      +
    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      +
    2. +
    3. not filter any specific methods (e.g GET) before middleware

      +
    4. +
    5. pass metric with method label name to the middleware

      +
    6. +
    7. not have any firewall/LB/proxy that filters away requests with unknown method.

      +
    8. +
    +

    Workarounds:

    +
      +
    1. removing the method label name from counter/gauge used in the InstrumentHandler

      +
    2. +
    3. turning off affected promhttp handlers

      +
    4. +
    5. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      +
    6. +
    7. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      +
    8. +
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    +

    References

    + -
  • +
    + + + +
    +
    +

    Server-side Request Forgery (SSRF)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + git-url-parse@11.6.0 - k8s.io/client-go/rest@0.23.1 + git-up@4.0.5 - golang.org/x/net/http2@#9d032be2e588 + parse-url@6.0.5
    • +
    + +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    PoC:

    +
    import parseUrl from "parse-url";
    +        import fetch from 'node-fetch';
    +        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    +        if(parsed.resource=="localhost"){
    +        console.log("internal network access is blocked")
    +        }
    +        else{
    +           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    +                console.log(response)
    +         }
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/testing@0.23.1 + git-url-parse@11.6.0 - k8s.io/client-go/rest@0.23.1 + git-up@4.0.5 - golang.org/x/net/http2@#9d032be2e588 + parse-url@6.0.5
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - - +
    - +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    +
    
    +        const parseUrl = require("parse-url");
    +        const Url = require("url");
    +        
    +        const express = require('express');
    +        const app = express();
    +        
    +        var url = "https://www.google.com:x@fakesite.com:x";
    +        parsed = parseUrl(url);
    +        console.log("[*]`parse-url` output: ")
    +        console.log(parsed);
    +        
    +        parsed2 = Url.parse(url);
    +        console.log("[*]`url` output: ")
    +        console.log(parsed2)
    +        
    +        app.get('/', (req, res) => {
    +            if (parsed.host == "www.google.com") {
    +                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    +            }
    +        })
    +        
    +        app.listen(8888,"0.0.0.0");
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + minimatch +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 + redoc@2.0.0-rc.64 - k8s.io/client-go/rest@0.23.1 + @redocly/openapi-core@1.0.0-beta.82 - golang.org/x/net/http2@#9d032be2e588 + minimatch@3.0.4
    • +
    + +
    + +
    + +

    Overview

    +

    minimatch is a minimal matching utility.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade minimatch to version 3.0.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.23.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#9d032be2e588 @@ -773,9 +1061,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - - k8s.io/client-go/rest@0.23.1 + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a golang.org/x/net/http2@#9d032be2e588 @@ -786,9 +1072,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/client-go/rest@0.23.1 + k8s.io/apimachinery/pkg/util/net@0.23.1 golang.org/x/net/http2@#9d032be2e588 @@ -799,9 +1083,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 + github.com/soheilhy/cmux@0.1.5 golang.org/x/net/http2@#9d032be2e588 @@ -812,9 +1094,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.45.0 + k8s.io/client-go/tools/cache@0.23.1 - google.golang.org/grpc/internal/transport@1.45.0 + k8s.io/client-go/rest@0.23.1 golang.org/x/net/http2@#9d032be2e588 @@ -825,8 +1107,6 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.23.1 - k8s.io/client-go/discovery@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -840,9 +1120,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/dynamic@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -855,9 +1133,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/transport/spdy@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -870,9 +1146,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 k8s.io/client-go/rest@0.23.1 @@ -885,9 +1159,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/testing@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -900,9 +1172,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/auth@0.23.1 + k8s.io/client-go/kubernetes@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -915,9 +1185,177 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.45.0 + + google.golang.org/grpc/internal/transport@1.45.0 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.23.1 + + k8s.io/client-go/tools/cache@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.23.1 + + k8s.io/client-go/tools/auth@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#567361917320 + + k8s.io/client-go/tools/cache@0.23.1 k8s.io/client-go/rest@0.23.1 @@ -2659,406 +3097,51 @@

      Detailed paths

      sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/transport@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - -
      - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/transport@0.23.1 - - k8s.io/apimachinery/pkg/util/net@0.23.1 - - golang.org/x/net/http2@#9d032be2e588 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - decode-uri-component -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - parse-path@4.0.4 - - query-string@6.14.1 - - decode-uri-component@0.2.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation, when the hash string # kun%ea%ba%5a%ba is being parsed by decodeUriComponent.

    -

    PoC

    -
    const decodeUriComponent = require('decode-uri-component');
    -        
    -        var x = decodeUriComponent('%ea%ba%5a%ba');
    -        
    -        console.log(x);
    -        
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade decode-uri-component to version 0.2.2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
    - -
    - - -

    Detailed paths

    + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 + + -
      +
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - redoc@2.0.0-rc.64 + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - @redocly/openapi-core@1.0.0-beta.82 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - minimatch@3.0.4 + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.23.1 + + k8s.io/client-go/discovery@0.23.1 + + k8s.io/client-go/rest@0.23.1 + + k8s.io/client-go/transport@0.23.1 + + k8s.io/apimachinery/pkg/util/net@0.23.1 + + golang.org/x/net/http2@#9d032be2e588 @@ -3070,80 +3153,34 @@

      Detailed paths


      Overview

      -

      minimatch is a minimal matching utility.

      -

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      -

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      -

      Let’s take the following regular expression as an example:

      -
      regex = /A(B|C+)+D/
      -        
      -

      This regular expression accomplishes the following:

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

        -
      • A The string must start with the letter 'A'
      • -
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
      • D Finally, we ensure this section of the string ends with a 'D'
      • +
      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
      • +
      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
      -

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      -

      It most cases, it doesn't take very long for a regex engine to find a match:

      -
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
      -        0.04s user 0.01s system 95% cpu 0.052 total
      -        
      -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
      -        1.79s user 0.02s system 99% cpu 1.812 total
      -        
      -

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      -

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      -

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      -
        -
      1. CCC
      2. -
      3. CC+C
      4. -
      5. C+CC
      6. -
      7. C+C+C.
      8. -
      -

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      -

      From there, the number of steps the engine must use to validate a string just continues to grow.

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      -

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade minimatch to version 3.0.5 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      References


    @@ -3240,138 +3277,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/prometheus/client_golang/prometheus/promhttp -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - github.com/prometheus/client_golang/prometheus/promhttp@1.11.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    -

    Note: In order to be affected, an instrumented software must:

    -
      -
    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      -
    2. -
    3. not filter any specific methods (e.g GET) before middleware

      -
    4. -
    5. pass metric with method label name to the middleware

      -
    6. -
    7. not have any firewall/LB/proxy that filters away requests with unknown method.

      -
    8. -
    -

    Workarounds:

    -
      -
    1. removing the method label name from counter/gauge used in the InstrumentHandler

      -
    2. -
    3. turning off affected promhttp handlers

      -
    4. -
    5. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      -
    6. -
    7. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      -
    8. -
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    -

    References

    - - -
    - - -

    Insecure Randomness

    diff --git a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html similarity index 97% rename from docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html rename to docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html index cb97ff3119367..704bcd9728c56 100644 --- a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html +++ b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,19 +456,19 @@

    Snyk test report

    -

    December 11th 2022, 12:22:40 am

    +

    December 16th 2022, 9:20:43 pm

    Scanned the following path:
      -
    • ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)
    • +
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    3 dependencies
    +
    14 dependencies
    @@ -477,8 +477,8 @@

    Snyk test report

    - - + +
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex
    Package Manager deb
    Path ghcr.io/dexidp/dex:v2.35.3/dexidp/dex
    Package Manager apk
    diff --git a/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html similarity index 99% rename from docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html rename to docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html index 289431d7a50f2..234df92136566 100644 --- a/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:20:44 am

    +

    December 16th 2022, 9:20:48 pm

    Scanned the following path: diff --git a/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html similarity index 87% rename from docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html rename to docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html index 607324adc09de..dd44053a6a658 100644 --- a/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html +++ b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    December 11th 2022, 12:21:06 am

    +

    December 16th 2022, 9:21:06 pm

    Scanned the following path:
      -
    • quay.io/argoproj/argocd:v2.4.17/argoproj/argocd (deb)
    • +
    • quay.io/argoproj/argocd:v2.4.18/argoproj/argocd (deb)
    -
    18 known vulnerabilities
    -
    89 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    91 vulnerable dependency paths
    162 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + @@ -507,7 +507,7 @@

    Off-by-one Error

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and systemd/libsystemd0@249.11-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.4.18 and systemd/libsystemd0@249.11-0ubuntu3.6
  • @@ -520,7 +520,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 systemd/libsystemd0@249.11-0ubuntu3.6 @@ -529,7 +529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 apt@2.4.8 @@ -540,7 +540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -551,7 +551,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 util-linux@2.37.2-4ubuntu3 @@ -562,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -573,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 apt@2.4.8 @@ -586,7 +586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 systemd/libudev1@249.11-0ubuntu3.6 @@ -595,7 +595,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 libfido2/libfido2-1@1.10.0-1 @@ -606,7 +606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 util-linux@2.37.2-4ubuntu3 @@ -617,7 +617,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 apt@2.4.8 @@ -657,7 +657,7 @@

      References

      -

      Improper Validation of Array Index

      +

      CVE-2022-46908

      @@ -679,7 +679,7 @@

      Improper Validation of Array Index

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.4.18, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -691,11 +691,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg@2.2.27-3ubuntu2.1 - sqlite3/libsqlite3-0@3.37.2-2 + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -707,35 +707,31 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream sqlite3 package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      Remediation

      -

      Upgrade Ubuntu:22.04 sqlite3 to version 3.37.2-2ubuntu0.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References


      -
      -

      Use After Free

      +
      +

      Uncontrolled Recursion

      -
      - medium severity +
      + low severity

      @@ -747,13 +743,13 @@

      Use After Free

    • Vulnerable module: - expat/libexpat1 + pcre3/libpcre3
    • Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - docker-image|quay.io/argoproj/argocd@v2.4.17, git@1:2.34.1-1ubuntu1.5 and others
    @@ -765,11 +761,20 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - git@1:2.34.1-1ubuntu1.5 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 + + grep@3.7-1build1 - expat/libexpat1@2.4.7-1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -781,41 +786,33 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream expat package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

      +

      Note: Versions mentioned in the description apply to the upstream pcre3 package.

      +

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      Remediation

      -

      Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 pcre3.

      References


      -
      -

      Use After Free

      +
      +

      Release of Invalid Pointer or Reference

      -
      - medium severity +
      + low severity

      @@ -827,13 +824,13 @@

      Use After Free

    • Vulnerable module: - expat/libexpat1 + patch
    • Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 and patch@2.7.6-7build2 - docker-image|quay.io/argoproj/argocd@v2.4.17, git@1:2.34.1-1ubuntu1.5 and others
    @@ -845,11 +842,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - git@1:2.34.1-1ubuntu1.5 - - expat/libexpat1@2.4.7-1 + patch@2.7.6-7build2 @@ -861,42 +856,29 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream expat package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

      +

      Note: Versions mentioned in the description apply to the upstream patch package.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      Remediation

      -

      Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.2 or higher.

      +

      There is no fixed version for Ubuntu:22.04 patch.

      References


      -
      -

      Insufficient Verification of Data Authenticity

      +
      +

      Double Free

      -
      - medium severity +
      + low severity

      @@ -908,12 +890,12 @@

      Insufficient Verification of Data Authenticity

    • Vulnerable module: - ca-certificates + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and ca-certificates@20211016 + docker-image|quay.io/argoproj/argocd@v2.4.18 and patch@2.7.6-7build2
    @@ -926,9 +908,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - ca-certificates@20211016 + patch@2.7.6-7build2 @@ -940,27 +922,30 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream ca-certificates package. - See How to fix? for Ubuntu:22.04 relevant versions.

      -

      Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

      +

      Note: Versions mentioned in the description apply to the upstream patch package.

      +

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      Remediation

      -

      Upgrade Ubuntu:22.04 ca-certificates to version 20211016ubuntu0.22.04.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 patch.

      References


      -

      Time-of-check Time-of-use (TOCTOU)

      +

      Improper Locking

      @@ -976,12 +961,12 @@

      Time-of-check Time-of-use (TOCTOU)

    • Vulnerable module: - shadow/passwd + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and shadow/passwd@1:4.8.1-2ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.4.18 and openssl/libssl3@3.0.2-0ubuntu1.7
    @@ -994,258 +979,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - adduser@3.118ubuntu5 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - openssh/openssh-client@1:8.9p1-3 + libfido2/libfido2-1@1.10.0-1 - shadow/passwd@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 + + openssh/openssh-client@1:8.9p1-3 - shadow/login@1:4.8.1-2ubuntu2 + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - - - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream shadow package. - See How to fix? for Ubuntu:22.04 relevant versions.

    -

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.1 or higher.

    -

    References

    - - -
    - - - - -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - grep@3.7-1build1 + git@1:2.34.1-1ubuntu1.5 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream pcre3 package.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - - - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.17 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - patch@2.7.6-7build2 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + openssl/libssl3@3.0.2-0ubuntu1.7
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply to the upstream patch package.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - - - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - patch -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.17 and patch@2.7.6-7build2 - -
    • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 + + openssl@3.0.2-0ubuntu1.7 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 - patch@2.7.6-7build2 + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 @@ -1257,25 +1097,21 @@

      Detailed paths


      NVD Description

      -

      Note: Versions mentioned in the description apply to the upstream patch package.

      -

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      +

      Note: Versions mentioned in the description apply to the upstream openssl package.

      +

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      References


  • @@ -1301,7 +1137,7 @@

    CVE-2021-41617

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.4.18 and openssh/openssh-client@1:8.9p1-3
  • @@ -1314,7 +1150,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 openssh/openssh-client@1:8.9p1-3 @@ -1377,7 +1213,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.4.18 and openssh/openssh-client@1:8.9p1-3
    @@ -1390,7 +1226,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 openssh/openssh-client@1:8.9p1-3 @@ -1450,7 +1286,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.4.18 and ncurses/libtinfo6@6.3-2
    @@ -1463,7 +1299,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/libtinfo6@6.3-2 @@ -1472,7 +1308,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 bash@5.1-6ubuntu1 @@ -1483,7 +1319,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/libncursesw6@6.3-2 @@ -1494,7 +1330,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 less@590-1build1 @@ -1505,7 +1341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 libedit/libedit2@3.1-20210910-1build1 @@ -1516,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/libncurses6@6.3-2 @@ -1527,7 +1363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/ncurses-bin@6.3-2 @@ -1538,7 +1374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 procps@2:3.3.17-6ubuntu2 @@ -1549,7 +1385,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 util-linux@2.37.2-4ubuntu3 @@ -1560,7 +1396,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1575,7 +1411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1590,7 +1426,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/libncursesw6@6.3-2 @@ -1599,7 +1435,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 procps@2:3.3.17-6ubuntu2 @@ -1610,7 +1446,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1625,7 +1461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/libncurses6@6.3-2 @@ -1634,7 +1470,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 procps@2:3.3.17-6ubuntu2 @@ -1645,7 +1481,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/ncurses-base@6.3-2 @@ -1654,7 +1490,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 ncurses/ncurses-bin@6.3-2 @@ -1711,7 +1547,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.4.18 and krb5/libk5crypto3@1.19.2-2
    @@ -1724,7 +1560,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 krb5/libk5crypto3@1.19.2-2 @@ -1733,11 +1569,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1754,11 +1590,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1777,7 +1613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 krb5/libkrb5-3@1.19.2-2 @@ -1786,11 +1622,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1807,7 +1643,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 krb5/libgssapi-krb5-2@1.19.2-2 @@ -1816,7 +1652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 openssh/openssh-client@1:8.9p1-3 @@ -1827,7 +1663,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 git@1:2.34.1-1ubuntu1.5 @@ -1840,7 +1676,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 git@1:2.34.1-1ubuntu1.5 @@ -1855,11 +1691,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2 @@ -1874,7 +1710,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 meta-common-packages@meta @@ -1932,7 +1768,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.4.18 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -1945,7 +1781,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -1954,7 +1790,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 apt@2.4.8 @@ -1965,7 +1801,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1976,7 +1812,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1987,7 +1823,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1998,7 +1834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2011,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2024,7 +1860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2033,7 +1869,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2044,7 +1880,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2057,7 +1893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2066,7 +1902,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2077,7 +1913,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2086,7 +1922,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2097,7 +1933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2106,7 +1942,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2117,7 +1953,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2130,7 +1966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2143,7 +1979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2152,7 +1988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2163,7 +1999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2176,7 +2012,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2189,7 +2025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2198,7 +2034,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2209,7 +2045,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2218,7 +2054,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2229,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2238,7 +2074,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2249,7 +2085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2300,7 +2136,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.4.18 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2313,7 +2149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2322,7 +2158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 meta-common-packages@meta @@ -2380,7 +2216,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17, git@1:2.34.1-1ubuntu1.5 and others + docker-image|quay.io/argoproj/argocd@v2.4.18, git@1:2.34.1-1ubuntu1.5 and others
    @@ -2392,7 +2228,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 git@1:2.34.1-1ubuntu1.5 @@ -2403,7 +2239,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 git@1:2.34.1-1ubuntu1.5 @@ -2412,7 +2248,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 git-lfs@3.0.2-1 @@ -2468,7 +2304,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.18 and coreutils@8.32-4.1ubuntu1
    @@ -2481,7 +2317,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 coreutils@8.32-4.1ubuntu1 @@ -2537,7 +2373,7 @@

      CVE-2022-3715

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.4.18 and bash@5.1-6ubuntu1
    @@ -2550,7 +2386,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.17 + docker-image|quay.io/argoproj/argocd@v2.4.18 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.4.17/redis_7.0.4-alpine.html b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html similarity index 99% rename from docs/snyk/v2.4.17/redis_7.0.4-alpine.html rename to docs/snyk/v2.4.18/redis_7.0.4-alpine.html index 291d217e31669..ecbdfc6caeb2a 100644 --- a/docs/snyk/v2.4.17/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:21:12 am

      +

      December 16th 2022, 9:21:11 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.5.4/argocd-iac-install.html b/docs/snyk/v2.5.5/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.5.4/argocd-iac-install.html
rename to docs/snyk/v2.5.5/argocd-iac-install.html
index 2a0c9ee17d981..13bbcda9015e0 100644
--- a/docs/snyk/v2.5.4/argocd-iac-install.html
+++ b/docs/snyk/v2.5.5/argocd-iac-install.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:19:55 am

      +

      December 16th 2022, 9:20:13 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.5.4/argocd-iac-namespace-install.html b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.5.4/argocd-iac-namespace-install.html
rename to docs/snyk/v2.5.5/argocd-iac-namespace-install.html
index cb15012bf5b04..8593e6e812f0c 100644
--- a/docs/snyk/v2.5.4/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:20:08 am

      +

      December 16th 2022, 9:20:22 pm

      Scanned the following path:
diff --git a/docs/snyk/v2.5.4/argocd-test.html b/docs/snyk/v2.5.5/argocd-test.html
similarity index 99%
rename from docs/snyk/v2.5.4/argocd-test.html
rename to docs/snyk/v2.5.5/argocd-test.html
index 4be4d1f969d5f..7cf57ebf002d3 100644
--- a/docs/snyk/v2.5.4/argocd-test.html
+++ b/docs/snyk/v2.5.5/argocd-test.html
@@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:18:12 am

      +

      December 16th 2022, 9:18:54 pm

      Scanned the following paths:
@@ -577,30 +577,30 @@

      References

      -
      -

      Denial of Service (DoS)

      +
      +

      Server-side Request Forgery (SSRF)

      -
      - high severity +
      + medium severity

      • - Package Manager: golang + Package Manager: npm
      • Vulnerable module: - golang.org/x/net/http2 + parse-url
      • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.24.2 and others + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others
      @@ -612,121 +612,427 @@

      Detailed paths

      • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.2 + argo-cd-ui@1.0.0 - golang.org/x/net/http2@#9d032be2e588 - - - -
      • -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + git-url-parse@11.6.0 - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + git-up@4.0.5 - golang.org/x/net/http2@#9d032be2e588 + parse-url@6.0.5
      • -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@#9d032be2e588 - - +
      -
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@#9d032be2e588 - - +
    - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@#9d032be2e588 - - +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    PoC:

    +
    import parseUrl from "parse-url";
    +        import fetch from 'node-fetch';
    +        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    +        if(parsed.resource=="localhost"){
    +        console.log("internal network access is blocked")
    +        }
    +        else{
    +           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    +                console.log(response)
    +         }
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@#9d032be2e588 - - +
    -
  • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@#9d032be2e588 - - + -
  • + +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + parse-url +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - k8s.io/client-go/transport/spdy@0.24.2 + git-url-parse@11.6.0 - k8s.io/client-go/rest@0.24.2 + git-up@4.0.5 - golang.org/x/net/http2@#9d032be2e588 + parse-url@6.0.5
    • +
    + +
    + +
    + +

    Overview

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    +
    
    +        const parseUrl = require("parse-url");
    +        const Url = require("url");
    +        
    +        const express = require('express');
    +        const app = express();
    +        
    +        var url = "https://www.google.com:x@fakesite.com:x";
    +        parsed = parseUrl(url);
    +        console.log("[*]`parse-url` output: ")
    +        console.log(parsed);
    +        
    +        parsed2 = Url.parse(url);
    +        console.log("[*]`url` output: ")
    +        console.log(parsed2)
    +        
    +        app.get('/', (req, res) => {
    +            if (parsed.host == "www.google.com") {
    +                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    +            }
    +        })
    +        
    +        app.listen(8888,"0.0.0.0");
    +        
    +

    Remediation

    +

    Upgrade parse-url to version 8.1.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + minimatch +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + argo-cd-ui@1.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + redoc@2.0.0-rc.64 - k8s.io/client-go/rest@0.24.2 + @redocly/openapi-core@1.0.0-beta.82 - golang.org/x/net/http2@#9d032be2e588 + minimatch@3.0.4
    • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - +
    + +
    + +
    + +

    Overview

    +

    minimatch is a minimal matching utility.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    +
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.4.17/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.4.18/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade minimatch to version 3.0.5 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.24.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/soheilhy/cmux@0.1.5 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@#9d032be2e588 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + golang.org/x/net/http2@#9d032be2e588 @@ -2755,312 +3061,6 @@

      References

      More about this vulnerability

    -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - - -

    Improper Input Validation

    diff --git a/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html new file mode 100644 index 0000000000000..d0458f36b0ff2 --- /dev/null +++ b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 16th 2022, 9:18:58 pm

    +
    +
    + Scanned the following path: +
      +
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    14 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3/dexidp/dex
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html similarity index 99% rename from docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html rename to docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html index 3b78fccb4f957..46cc6ffed4f0c 100644 --- a/docs/snyk/v2.5.4/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 11th 2022, 12:18:19 am

    +

    December 16th 2022, 9:19:01 pm

    Scanned the following path: diff --git a/docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html similarity index 86% rename from docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html rename to docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html index 4b1a61a7c71ad..7a4355f657ee8 100644 --- a/docs/snyk/v2.5.4/quay.io_argoproj_argocd_v2.5.4.html +++ b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    December 11th 2022, 12:18:50 am

    +

    December 16th 2022, 9:19:19 pm

    Scanned the following path:
      -
    • quay.io/argoproj/argocd:v2.5.4/argoproj/argocd (deb)
    • +
    • quay.io/argoproj/argocd:v2.5.5/argoproj/argocd (deb)
    -
    13 known vulnerabilities
    -
    81 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    91 vulnerable dependency paths
    162 dependencies
    @@ -477,7 +477,7 @@

    Snyk test report

    - + @@ -507,7 +507,7 @@

    Off-by-one Error

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and systemd/libsystemd0@249.11-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.5.5 and systemd/libsystemd0@249.11-0ubuntu3.6
  • @@ -520,7 +520,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 systemd/libsystemd0@249.11-0ubuntu3.6 @@ -529,7 +529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 apt@2.4.8 @@ -540,7 +540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 procps/libprocps8@2:3.3.17-6ubuntu2 @@ -551,7 +551,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 util-linux@2.37.2-4ubuntu3 @@ -562,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 util-linux/bsdutils@1:2.37.2-4ubuntu3 @@ -573,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 apt@2.4.8 @@ -586,7 +586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 systemd/libudev1@249.11-0ubuntu3.6 @@ -595,7 +595,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 libfido2/libfido2-1@1.10.0-1 @@ -606,7 +606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 util-linux@2.37.2-4ubuntu3 @@ -617,7 +617,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 apt@2.4.8 @@ -655,6 +655,76 @@

      References

      More about this vulnerability

      + +
      +

      CVE-2022-46908

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Package Manager: ubuntu:22.04 +
      • +
      • + Vulnerable module: + + sqlite3/libsqlite3-0 +
      • + +
      • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.5, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply to the upstream sqlite3 package.

      +

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      +

      References

      + + +
      + + +

      Uncontrolled Recursion

      @@ -678,7 +748,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.5 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -691,7 +761,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -700,7 +770,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 grep@3.7-1build1 @@ -759,7 +829,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.5 and patch@2.7.6-7build2
    @@ -772,7 +842,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 patch@2.7.6-7build2 @@ -825,7 +895,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.5 and patch@2.7.6-7build2
    @@ -838,7 +908,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 patch@2.7.6-7build2 @@ -873,6 +943,177 @@

      References

      More about this vulnerability

      + +
      +

      Improper Locking

      +
      + +
      + low severity +
      + +
      + +
        +
      • + Package Manager: ubuntu:22.04 +
      • +
      • + Vulnerable module: + + openssl/libssl3 +
      • + +
      • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.5 and openssl/libssl3@3.0.2-0ubuntu1.7 + +
      • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + openssh/openssh-client@1:8.9p1-3 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + openssl@3.0.2-0ubuntu1.7 + + + +
      • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + + +
      • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply to the upstream openssl package.

      +

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      References

      + + +
      + + +

      CVE-2021-41617

      @@ -896,7 +1137,7 @@

      CVE-2021-41617

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.5 and openssh/openssh-client@1:8.9p1-3
    @@ -909,7 +1150,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 openssh/openssh-client@1:8.9p1-3 @@ -972,7 +1213,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and openssh/openssh-client@1:8.9p1-3 + docker-image|quay.io/argoproj/argocd@v2.5.5 and openssh/openssh-client@1:8.9p1-3
    @@ -985,7 +1226,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 openssh/openssh-client@1:8.9p1-3 @@ -1045,7 +1286,7 @@

      Out-of-bounds Read

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.5 and ncurses/libtinfo6@6.3-2
    @@ -1058,7 +1299,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/libtinfo6@6.3-2 @@ -1067,7 +1308,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 bash@5.1-6ubuntu1 @@ -1078,7 +1319,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/libncursesw6@6.3-2 @@ -1089,7 +1330,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 less@590-1build1 @@ -1100,7 +1341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 libedit/libedit2@3.1-20210910-1build1 @@ -1111,7 +1352,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/libncurses6@6.3-2 @@ -1122,7 +1363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/ncurses-bin@6.3-2 @@ -1133,7 +1374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 procps@2:3.3.17-6ubuntu2 @@ -1144,7 +1385,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 util-linux@2.37.2-4ubuntu3 @@ -1155,7 +1396,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1170,7 +1411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1185,7 +1426,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/libncursesw6@6.3-2 @@ -1194,7 +1435,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 procps@2:3.3.17-6ubuntu2 @@ -1205,7 +1446,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1220,7 +1461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/libncurses6@6.3-2 @@ -1229,7 +1470,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 procps@2:3.3.17-6ubuntu2 @@ -1240,7 +1481,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/ncurses-base@6.3-2 @@ -1249,7 +1490,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 ncurses/ncurses-bin@6.3-2 @@ -1306,7 +1547,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and krb5/libk5crypto3@1.19.2-2 + docker-image|quay.io/argoproj/argocd@v2.5.5 and krb5/libk5crypto3@1.19.2-2
    @@ -1319,7 +1560,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 krb5/libk5crypto3@1.19.2-2 @@ -1328,7 +1569,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 adduser@3.118ubuntu5 @@ -1349,7 +1590,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 adduser@3.118ubuntu5 @@ -1372,7 +1613,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 krb5/libkrb5-3@1.19.2-2 @@ -1381,7 +1622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 adduser@3.118ubuntu5 @@ -1402,7 +1643,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 krb5/libgssapi-krb5-2@1.19.2-2 @@ -1411,7 +1652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 openssh/openssh-client@1:8.9p1-3 @@ -1422,7 +1663,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 git@1:2.34.1-1ubuntu1.5 @@ -1435,7 +1676,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 git@1:2.34.1-1ubuntu1.5 @@ -1450,7 +1691,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 adduser@3.118ubuntu5 @@ -1469,7 +1710,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 meta-common-packages@meta @@ -1527,7 +1768,7 @@

      CVE-2022-3219

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.5 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -1540,7 +1781,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -1549,7 +1790,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 apt@2.4.8 @@ -1560,7 +1801,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1571,7 +1812,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1582,7 +1823,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1593,7 +1834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1606,7 +1847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1619,7 +1860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1628,7 +1869,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1639,7 +1880,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1652,7 +1893,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -1661,7 +1902,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1672,7 +1913,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -1681,7 +1922,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1692,7 +1933,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1701,7 +1942,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1712,7 +1953,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1725,7 +1966,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1738,7 +1979,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -1747,7 +1988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1758,7 +1999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1771,7 +2012,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1784,7 +2025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -1793,7 +2034,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1804,7 +2045,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -1813,7 +2054,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1824,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -1833,7 +2074,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1844,7 +2085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1895,7 +2136,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.5 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -1908,7 +2149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 glibc/libc-bin@2.35-0ubuntu3.1 @@ -1917,7 +2158,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 meta-common-packages@meta @@ -1975,7 +2216,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4, git@1:2.34.1-1ubuntu1.5 and others + docker-image|quay.io/argoproj/argocd@v2.5.5, git@1:2.34.1-1ubuntu1.5 and others
    @@ -1987,7 +2228,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 git@1:2.34.1-1ubuntu1.5 @@ -1998,7 +2239,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 git@1:2.34.1-1ubuntu1.5 @@ -2007,7 +2248,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 git-lfs@3.0.2-1 @@ -2063,7 +2304,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.5 and coreutils@8.32-4.1ubuntu1
    @@ -2076,7 +2317,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 coreutils@8.32-4.1ubuntu1 @@ -2132,7 +2373,7 @@

      CVE-2022-3715

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.5 and bash@5.1-6ubuntu1
    @@ -2145,7 +2386,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.4 + docker-image|quay.io/argoproj/argocd@v2.5.5 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.5.4/redis_7.0.5-alpine.html b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html similarity index 99% rename from docs/snyk/v2.5.4/redis_7.0.5-alpine.html rename to docs/snyk/v2.5.5/redis_7.0.5-alpine.html index 2bd3b01d8d62a..70e56d1261481 100644 --- a/docs/snyk/v2.5.4/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      December 11th 2022, 12:18:53 am

      +

      December 16th 2022, 9:19:22 pm

      Scanned the following path: From 2b3e379211ab330db27db6383bf04d8af5efd5cf Mon Sep 17 00:00:00 2001 From: wei Date: Sat, 17 Dec 2022 06:54:46 +0800 Subject: [PATCH 198/304] feat: support Knative Serving 1.5 Custom Health Checks (#9719) * fix: Update account.proto annotaion for gen grpc gateway Signed-off-by: wei840222 * fix: Changes from codegen Signed-off-by: wei840222 * Retrigger CI pipeline Signed-off-by: wei.wan * Retrigger CI pipeline Signed-off-by: wei.wan * fix: Changes from codegen Signed-off-by: wei * Retrigger CI pipeline Signed-off-by: wei.wan * Retrigger CI pipeline Signed-off-by: wei * feat: support Knative Serving 1.5 Custom Health Checks Signed-off-by: wei.wan * fix: fix test fail Signed-off-by: wei.wan * feat: support Knative Serving 1.5 Custom Health Checks Signed-off-by: wei840222 Signed-off-by: wei840222 Signed-off-by: wei.wan Signed-off-by: wei Co-authored-by: wei.wan Signed-off-by: emirot --- .../serving.knative.dev/Service/health.lua | 40 +++++++++++++++++++ .../Service/health_test.yaml | 13 ++++++ .../Service/testdata/degraded.yaml | 21 ++++++++++ .../Service/testdata/healthy.yaml | 17 ++++++++ .../Service/testdata/progressing.yaml | 21 ++++++++++ 5 files changed, 112 insertions(+) create mode 100644 resource_customizations/serving.knative.dev/Service/health.lua create mode 100644 resource_customizations/serving.knative.dev/Service/health_test.yaml create mode 100644 resource_customizations/serving.knative.dev/Service/testdata/degraded.yaml create mode 100644 resource_customizations/serving.knative.dev/Service/testdata/healthy.yaml create mode 100644 resource_customizations/serving.knative.dev/Service/testdata/progressing.yaml diff --git a/resource_customizations/serving.knative.dev/Service/health.lua b/resource_customizations/serving.knative.dev/Service/health.lua new file mode 100644 index 0000000000000..9867d8ab09df6 --- /dev/null +++ b/resource_customizations/serving.knative.dev/Service/health.lua 
@@ -0,0 +1,40 @@
+health_status = {}
+health_status.status = "Progressing"
+health_status.message = "Waiting for status update."
+if obj.status ~= nil and obj.status.conditions ~= nil then
+ status_true = 0
+ status_false = 0
+ status_unknown = 0
+ health_status.message = ""
+ for i, condition in pairs(obj.status.conditions) do
+ if condition.status == "True" and (condition.type == "ConfigurationsReady" or condition.type == "RoutesReady" or condition.type == "Ready") then
+ status_true = status_true + 1
+ elseif condition.status == "False" or condition.status == "Unknown" then
+ msg = condition.type .. " is " .. condition.status
+ if condition.reason ~= nil and condition.reason ~= "" then
+ msg = msg .. ", since " .. condition.reason .. "."
+ end
+ if condition.message ~= nil and condition.message ~= "" then
+ msg = msg .. " " .. condition.message
+ end
+ health_status.message = health_status.message .. msg .. "\n"
+ if condition.status == "False" then
+ status_false = status_false + 1
+ else
+ status_unknown = status_unknown + 1
+ end
+ end
+ end
+ if status_true == 3 and status_false == 0 and status_unknown == 0 then
+ health_status.message = "Knative Service is healthy."
+ health_status.status = "Healthy"
+ return health_status
+ elseif status_false > 0 then
+ health_status.status = "Degraded"
+ return health_status
+ else
+ health_status.status = "Progressing"
+ return health_status
+ end
+end
+return health_status
\ No newline at end of file
diff --git a/resource_customizations/serving.knative.dev/Service/health_test.yaml b/resource_customizations/serving.knative.dev/Service/health_test.yaml
new file mode 100644
index 0000000000000..88ddbf44f4979
--- /dev/null
+++ b/resource_customizations/serving.knative.dev/Service/health_test.yaml
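Review bot: The new `Service/health.lua` derives health only from `obj.status.conditions` and never checks that those conditions belong to the current spec, so right after a spec change the three `True` conditions left over from the previous generation would still yield `Healthy`. If the Knative Service status exposes `observedGeneration` (the fixtures in this patch do not include it, so confirm), a guard at the top of the `if` block such as `if obj.status.observedGeneration ~= nil and obj.metadata.generation ~= nil and obj.status.observedGeneration ~= obj.metadata.generation then return health_status end` keeps the result at `Progressing` until the controller has caught up. Separately, `status_true`, `status_false`, `status_unknown` and `msg` are assigned as globals; declaring them `local` keeps them from leaking into whatever else shares the Lua state.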
@@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: "Ready is Unknown, since RolloutInProgress. A gradual rollout of the latest revision(s) is in progress.\nRoutesReady is Unknown, since RolloutInProgress. A gradual rollout of the latest revision(s) is in progress.\n" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Degraded + message: "ConfigurationsReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\nReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\n" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + message: Knative Service is healthy. + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/serving.knative.dev/Service/testdata/degraded.yaml b/resource_customizations/serving.knative.dev/Service/testdata/degraded.yaml new file mode 100644 index 0000000000000..cc23d525816f5 --- /dev/null +++ b/resource_customizations/serving.knative.dev/Service/testdata/degraded.yaml @@ -0,0 +1,21 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2022-06-14T03:45:38Z" + message: 'Revision "helloworld-00002" failed with message: Container failed with: container exited with no error.' + reason: RevisionFailed + status: "False" + type: ConfigurationsReady + - lastTransitionTime: "2022-06-14T03:45:38Z" + message: 'Revision "helloworld-00002" failed with message: Container failed with: container exited with no error.' + reason: RevisionFailed + status: "False" + type: Ready + - lastTransitionTime: "2022-06-16T09:35:11Z" + status: "True" + type: RoutesReady 
diff --git a/resource_customizations/serving.knative.dev/Service/testdata/healthy.yaml b/resource_customizations/serving.knative.dev/Service/testdata/healthy.yaml new file mode 100644 index 0000000000000..ced6960193ee2 --- /dev/null +++ b/resource_customizations/serving.knative.dev/Service/testdata/healthy.yaml @@ -0,0 +1,17 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2022-06-20T03:52:41Z" + status: "True" + type: ConfigurationsReady + - lastTransitionTime: "2022-06-20T03:52:41Z" + status: "True" + type: Ready + - lastTransitionTime: "2022-06-20T03:52:41Z" + status: "True" + type: RoutesReady diff --git a/resource_customizations/serving.knative.dev/Service/testdata/progressing.yaml b/resource_customizations/serving.knative.dev/Service/testdata/progressing.yaml new file mode 100644 index 0000000000000..f381e5fc06d80 --- /dev/null +++ b/resource_customizations/serving.knative.dev/Service/testdata/progressing.yaml @@ -0,0 +1,21 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: "2022-06-20T04:14:22Z" + status: "True" + type: ConfigurationsReady + - lastTransitionTime: "2022-06-20T04:14:22Z" + message: A gradual rollout of the latest revision(s) is in progress. + reason: RolloutInProgress + status: Unknown + type: Ready + - lastTransitionTime: "2022-06-20T04:14:22Z" + message: A gradual rollout of the latest revision(s) is in progress. + reason: RolloutInProgress + status: Unknown + type: RoutesReady From 435d8427729d1e82712da0fa920550d3758d1018 Mon Sep 17 00:00:00 2001 From: Jellyfrog Date: Sat, 17 Dec 2022 00:01:43 +0100 Subject: [PATCH 199/304] feat: Extend Cluster.cluster.x-k8s.io health check (#11705) Signed-off-by: Jellyfrog Signed-off-by: Jellyfrog 
Signed-off-by: emirot --- .../cluster.x-k8s.io/Cluster/health.lua | 21 ++++---- .../cluster.x-k8s.io/Cluster/health_test.yaml | 6 ++- .../Cluster/testdata/error_provisioned.yaml | 54 +++++++++++++++++++ 3 files changed, 69 insertions(+), 12 deletions(-) create mode 100644 resource_customizations/cluster.x-k8s.io/Cluster/testdata/error_provisioned.yaml diff --git a/resource_customizations/cluster.x-k8s.io/Cluster/health.lua b/resource_customizations/cluster.x-k8s.io/Cluster/health.lua index a34dbc1067204..3d3f1c4e3892d 100644 --- a/resource_customizations/cluster.x-k8s.io/Cluster/health.lua +++ b/resource_customizations/cluster.x-k8s.io/Cluster/health.lua @@ -1,5 +1,4 @@ -function getStatusBasedOnPhase(obj) - hs = {} +function getStatusBasedOnPhase(obj, hs) hs.status = "Progressing" hs.message = "Waiting for clusters" if obj.status ~= nil and obj.status.phase ~= nil then @@ -15,27 +14,27 @@ function getStatusBasedOnPhase(obj) return hs end -function getReadyContitionMessage(obj) +function getReadyContitionStatus(obj, hs) if obj.status ~= nil and obj.status.conditions ~= nil then for i, condition in ipairs(obj.status.conditions) do if condition.type == "Ready" and condition.status == "False" then - return condition.message + hs.status = "Degraded" + hs.message = condition.message + return hs end end end - return "Condition is unknown" + return hs end +hs = {} if obj.spec.paused ~= nil and obj.spec.paused then - hs = {} hs.status = "Suspended" hs.message = "Cluster is paused" return hs end -hs = getStatusBasedOnPhase(obj) -if hs.status ~= "Healthy" then - hs.message = getReadyContitionMessage(obj) -end +getStatusBasedOnPhase(obj, hs) +getReadyContitionStatus(obj, hs) -return hs \ No newline at end of file +return hs diff --git a/resource_customizations/cluster.x-k8s.io/Cluster/health_test.yaml b/resource_customizations/cluster.x-k8s.io/Cluster/health_test.yaml index a1f887b939899..f147587b23596 100644 
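Review bot: `getReadyContitionStatus` in `Cluster/health.lua` now sets `hs.status = "Degraded"` for any `Ready` condition whose status is `False`, whatever the phase and whatever the condition's `severity`, and because it runs after `getStatusBasedOnPhase` it also overrides a `Progressing` result. The new fixture carries `severity: Error`; if the provider also reports `Ready: False` with a lower severity while a cluster is still provisioning (worth confirming against Cluster API and the existing fixtures), those clusters would show as Degraded, and narrowing the test to `condition.type == "Ready" and condition.status == "False" and condition.severity == "Error"` would avoid that. `condition.message` is also copied without a nil check, so `hs.message = condition.message or condition.reason` would keep the message from ending up empty. The body of `getStatusBasedOnPhase` continues outside the first hunk.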
--- a/resource_customizations/cluster.x-k8s.io/Cluster/health_test.yaml +++ b/resource_customizations/cluster.x-k8s.io/Cluster/health_test.yaml @@ -1,7 +1,7 @@ tests: - healthStatus: status: Progressing - message: 'Condition is unknown' + message: 'Waiting for clusters' inputPath: testdata/progressing_provisioning.yaml - healthStatus: status: Degraded @@ -15,3 +15,7 @@ tests: status: Healthy message: 'Cluster is running' inputPath: testdata/healthy_provisioned.yaml +- healthStatus: + status: Degraded + message: 'Post "https://tvc01.foo.bar/sdk": host "tvc01.foo.bar:443" thumbprint does not match "0A:21:BD:FC:71:40:BD:96"' + inputPath: testdata/error_provisioned.yaml diff --git a/resource_customizations/cluster.x-k8s.io/Cluster/testdata/error_provisioned.yaml b/resource_customizations/cluster.x-k8s.io/Cluster/testdata/error_provisioned.yaml new file mode 100644 index 0000000000000..e58123aa64205 --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/Cluster/testdata/error_provisioned.yaml 
@@ -0,0 +1,54 @@ +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: Cluster +metadata: + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 0.3.11 + argocd.argoproj.io/instance: test + cluster.x-k8s.io/cluster-name: test + name: test + namespace: test +spec: + clusterNetwork: + pods: + cidrBlocks: + - 10.20.10.0/19 + services: + cidrBlocks: + - 10.10.10.0/19 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 + kind: KubeadmControlPlane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: VSphereCluster +status: + conditions: + - lastTransitionTime: '2022-12-14T07:45:14Z' + message: >- + Post "https://tvc01.foo.bar/sdk": host "tvc01.foo.bar:443" + thumbprint does not match + "0A:21:BD:FC:71:40:BD:96" + reason: VCenterUnreachable + severity: Error + status: 'False' + type: Ready + - lastTransitionTime: '2022-11-30T12:04:22Z' + status: 'True' + type: ControlPlaneInitialized + - lastTransitionTime: '2022-11-30T12:10:30Z' + status: 'True' + type: ControlPlaneReady + - lastTransitionTime: '2022-12-14T07:45:14Z' + message: >- + Post "https://tvc01.foo.bar/sdk": host "tvc01.foo.bar:443" + thumbprint does not match + "0A:21:BD:FC:71:40:BD:96" + reason: VCenterUnreachable + severity: Error + status: 'False' + type: InfrastructureReady + controlPlaneReady: true + infrastructureReady: true + observedGeneration: 2 + phase: Provisioned From 296f55ea9c3a29a268c3fdf4f319196006661590 Mon Sep 17 00:00:00 2001 From: Thomas Schuetz <38893055+thschue@users.noreply.github.com> Date: Sat, 17 Dec 2022 01:33:20 +0100 Subject: [PATCH 200/304] feat: add health checks for keptn resources (#11716) * feat: add keptnappversion Signed-off-by: Thomas Schuetz * feat: added keptn resource tests Signed-off-by: Thomas Schuetz * feat: fix test for KeptnWorkloadInstance Signed-off-by: Thomas Schuetz * fix: apiVersion and quotes Signed-off-by: Thomas Schuetz 
Signed-off-by: Thomas Schuetz Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> 
Signed-off-by: emirot --- .../KeptnAppVersion/health.lua | 14 +++ .../KeptnAppVersion/health_test.yaml | 13 +++ .../KeptnAppVersion/testdata/degraded.yaml | 93 +++++++++++++++++++ .../KeptnAppVersion/testdata/healthy.yaml | 93 +++++++++++++++++++ .../KeptnAppVersion/testdata/progressing.yaml | 93 +++++++++++++++++++ .../KeptnEvaluation/health.lua | 14 +++ .../KeptnEvaluation/health_test.yaml | 13 +++ .../KeptnEvaluation/testdata/degraded.yaml | 33 +++++++ .../KeptnEvaluation/testdata/healthy.yaml | 33 +++++++ .../KeptnEvaluation/testdata/progressing.yaml | 33 +++++++ .../lifecycle.keptn.sh/KeptnTask/health.lua | 14 +++ .../KeptnTask/health_test.yaml | 13 +++ .../KeptnTask/testdata/degraded.yaml | 36 +++++++ .../KeptnTask/testdata/healthy.yaml | 37 ++++++++ .../KeptnTask/testdata/progressing.yaml | 36 +++++++ .../KeptnWorkloadInstance/health.lua | 14 +++ .../KeptnWorkloadInstance/health_test.yaml | 13 +++ .../testdata/degraded.yaml | 50 ++++++++++ .../testdata/healthy.yaml | 51 ++++++++++ .../testdata/progressing.yaml | 50 ++++++++++ 20 files changed, 746 insertions(+) create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health.lua create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health_test.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/degraded.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/healthy.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/progressing.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health.lua create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health_test.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/degraded.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/healthy.yaml create mode 100644 
resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/progressing.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnTask/health.lua create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnTask/health_test.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/degraded.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/healthy.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/progressing.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health.lua create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health_test.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/degraded.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/healthy.yaml create mode 100644 resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/progressing.yaml
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health.lua b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health.lua
new file mode 100644
index 0000000000000..daf3168907672
--- /dev/null
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health.lua
@@ -0,0 +1,14 @@
+hs = {}
+if obj.status.status == "Succeeded" then
+ hs.status = "Healthy"
+ hs.message = "KeptnAppVersion is healthy"
+ return hs
+end
+if obj.status.status == "Failed" then
+ hs.status = "Degraded"
+ hs.message = "KeptnAppVersion is degraded"
+ return hs
+end
+hs.status = "Progressing"
+hs.message = "KeptnAppVersion is progressing"
+return hs
\ No newline at end of file
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health_test.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health_test.yaml
new file mode 100644
index 0000000000000..67f34f18154b4
--- /dev/null
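Review bot: `obj.status.status` in `KeptnAppVersion/health.lua` is read without checking that `obj.status` exists, so an object that has just been created and carries no status yet makes the script raise an index-on-nil error instead of reporting `Progressing`. Guarding both comparisons, e.g. `if obj.status ~= nil and obj.status.status == "Succeeded" then` (and the same for `"Failed"`), lets the fall-through return `Progressing`. The same pattern is in `KeptnEvaluation/health.lua` later in this patch (`obj.status.overallStatus`), and the diffstat lists `KeptnTask` and `KeptnWorkloadInstance` health scripts that are probably written the same way. None of the three fixtures per kind covers an object without `status`, so a fourth test case would pin the behaviour.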
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnAppVersion is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnAppVersion is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnAppVersion is healthy" + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/degraded.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/degraded.yaml new file mode 100644 index 0000000000000..047325740e9c4 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/degraded.yaml 
@@ -0,0 +1,93 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnAppVersion +metadata: + annotations: + traceparent: 00-adc84f15413da737240dde75de2248fb-e3fcbc6fbdd05b1c-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 1 + name: podtato-head-0.1.1 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnApp + name: podtato-head + uid: b0e9773a-3dc7-4639-a4bd-64c8bb3d33ab + resourceVersion: "226500" + uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c +spec: + appName: podtato-head + preDeploymentEvaluations: + - app-pre-deploy-eval-2 + revision: "1" + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3777b2225e0d2dc3-01 + version: 0.1.1 + workloads: + - name: podtato-head-left-arm + version: 0.2.7 + - name: podtato-head-left-leg + version: 0.2.7 + - name: podtato-head-entry + version: 0.2.7 + - name: podtato-head-right-arm + version: 0.1.0 + - name: podtato-head-right-leg + version: 0.2.7 + - name: podtato-head-hat + version: 0.1.0 +status: + currentPhase: Completed + endTime: "2022-12-14T13:19:06Z" + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-d566f50faad914b0-01 + AppDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + AppPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-f3dd12be90fc6c55-01 + AppPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ebcfa51b9b3a08b-01 + AppPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b5838bedd1703826-01 + AppPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b1c3977a55236160-01 + postDeploymentEvaluationStatus: Succeeded + postDeploymentStatus: Succeeded + preDeploymentEvaluationStatus: Succeeded + preDeploymentEvaluationTaskStatus: + - endTime: "2022-12-14T13:17:41Z" + evaluationDefinitionName: app-pre-deploy-eval-2 + evaluationName: pre-eval-app-pre-deploy-eval-2-48925 + startTime: 
"2022-12-14T13:17:36Z" + status: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:36Z" + status: Failed + workloadOverallStatus: Failed + workloadStatus: + - status: Failed + workload: + name: podtato-head-left-arm + version: 0.2.7 + - status: Progressing + workload: + name: podtato-head-left-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-entry + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-right-arm + version: 0.1.0 + - status: Succeeded + workload: + name: podtato-head-right-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-hat + version: 0.1.0 \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/healthy.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/healthy.yaml new file mode 100644 index 0000000000000..214a2c2183bca --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/healthy.yaml 
@@ -0,0 +1,93 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnAppVersion +metadata: + annotations: + traceparent: 00-adc84f15413da737240dde75de2248fb-e3fcbc6fbdd05b1c-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 1 + name: podtato-head-0.1.1 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnApp + name: podtato-head + uid: b0e9773a-3dc7-4639-a4bd-64c8bb3d33ab + resourceVersion: "226500" + uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c +spec: + appName: podtato-head + preDeploymentEvaluations: + - app-pre-deploy-eval-2 + revision: "1" + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3777b2225e0d2dc3-01 + version: 0.1.1 + workloads: + - name: podtato-head-left-arm + version: 0.2.7 + - name: podtato-head-left-leg + version: 0.2.7 + - name: podtato-head-entry + version: 0.2.7 + - name: podtato-head-right-arm + version: 0.1.0 + - name: podtato-head-right-leg + version: 0.2.7 + - name: podtato-head-hat + version: 0.1.0 +status: + currentPhase: Completed + endTime: "2022-12-14T13:19:06Z" + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-d566f50faad914b0-01 + AppDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + AppPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-f3dd12be90fc6c55-01 + AppPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ebcfa51b9b3a08b-01 + AppPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b5838bedd1703826-01 + AppPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b1c3977a55236160-01 + postDeploymentEvaluationStatus: Succeeded + postDeploymentStatus: Succeeded + preDeploymentEvaluationStatus: Succeeded + preDeploymentEvaluationTaskStatus: + - endTime: "2022-12-14T13:17:41Z" + evaluationDefinitionName: app-pre-deploy-eval-2 + evaluationName: pre-eval-app-pre-deploy-eval-2-48925 + startTime: 
"2022-12-14T13:17:36Z" + status: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:36Z" + status: Succeeded + workloadOverallStatus: Succeeded + workloadStatus: + - status: Succeeded + workload: + name: podtato-head-left-arm + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-left-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-entry + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-right-arm + version: 0.1.0 + - status: Succeeded + workload: + name: podtato-head-right-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-hat + version: 0.1.0 \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/progressing.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/progressing.yaml new file mode 100644 index 0000000000000..c9b80e7f6dae2 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnAppVersion/testdata/progressing.yaml 
@@ -0,0 +1,93 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnAppVersion +metadata: + annotations: + traceparent: 00-adc84f15413da737240dde75de2248fb-e3fcbc6fbdd05b1c-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 1 + name: podtato-head-0.1.1 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnApp + name: podtato-head + uid: b0e9773a-3dc7-4639-a4bd-64c8bb3d33ab + resourceVersion: "226500" + uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c +spec: + appName: podtato-head + preDeploymentEvaluations: + - app-pre-deploy-eval-2 + revision: "1" + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3777b2225e0d2dc3-01 + version: 0.1.1 + workloads: + - name: podtato-head-left-arm + version: 0.2.7 + - name: podtato-head-left-leg + version: 0.2.7 + - name: podtato-head-entry + version: 0.2.7 + - name: podtato-head-right-arm + version: 0.1.0 + - name: podtato-head-right-leg + version: 0.2.7 + - name: podtato-head-hat + version: 0.1.0 +status: + currentPhase: Completed + endTime: "2022-12-14T13:19:06Z" + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-d566f50faad914b0-01 + AppDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + AppPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-f3dd12be90fc6c55-01 + AppPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ebcfa51b9b3a08b-01 + AppPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b5838bedd1703826-01 + AppPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-b1c3977a55236160-01 + postDeploymentEvaluationStatus: Succeeded + postDeploymentStatus: Succeeded + preDeploymentEvaluationStatus: Succeeded + preDeploymentEvaluationTaskStatus: + - endTime: "2022-12-14T13:17:41Z" + evaluationDefinitionName: app-pre-deploy-eval-2 + evaluationName: pre-eval-app-pre-deploy-eval-2-48925 + startTime: 
"2022-12-14T13:17:36Z" + status: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:36Z" + status: Progressing + workloadOverallStatus: Progressing + workloadStatus: + - status: Progressing + workload: + name: podtato-head-left-arm + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-left-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-entry + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-right-arm + version: 0.1.0 + - status: Succeeded + workload: + name: podtato-head-right-leg + version: 0.2.7 + - status: Succeeded + workload: + name: podtato-head-hat + version: 0.1.0 \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health.lua b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health.lua new file mode 100644 index 0000000000000..2ea65e96736f2 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health.lua @@ -0,0 +1,14 @@ +hs = {} +if obj.status.overallStatus == "Succeeded" then + hs.status = "Healthy" + hs.message = "KeptnEvaluation is healthy" + return hs +end +if obj.status.overallStatus == "Failed" then + hs.status = "Degraded" + hs.message = "KeptnEvaluation is degraded" + return hs +end +hs.status = "Progressing" +hs.message = "KeptnEvaluation is progressing" +return hs \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health_test.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health_test.yaml new file mode 100644 index 0000000000000..dd0378efbdc6d --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/health_test.yaml 
@@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnEvaluation is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnEvaluation is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnEvaluation is healthy" + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/degraded.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/degraded.yaml new file mode 100644 index 0000000000000..3054376c411bb --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/degraded.yaml @@ -0,0 +1,33 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnEvaluation +metadata: + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 1 + name: pre-eval-app-pre-deploy-eval-2-48925 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnAppVersion + name: podtato-head-0.1.1 + uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c + resourceVersion: "225737" + uid: 84acabb8-9dca-46ab-b099-4799a732ba43 +spec: + appName: podtato-head + appVersion: 0.1.1 + checkType: pre-eval + evaluationDefinition: app-pre-deploy-eval-2 + retries: 10 + retryInterval: 5s + workloadVersion: "" +status: + endTime: "2022-12-14T13:17:36Z" + evaluationStatus: + available-cpus: + status: Failed + value: "0.25" + overallStatus: Failed + retryCount: 1 + startTime: "2022-12-14T13:17:36Z" \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/healthy.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/healthy.yaml new file mode 100644 index 0000000000000..8c74e31c28a51 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/healthy.yaml 
@@ -0,0 +1,33 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnEvaluation +metadata: + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 1 + name: pre-eval-app-pre-deploy-eval-2-48925 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnAppVersion + name: podtato-head-0.1.1 + uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c + resourceVersion: "225737" + uid: 84acabb8-9dca-46ab-b099-4799a732ba43 +spec: + appName: podtato-head + appVersion: 0.1.1 + checkType: pre-eval + evaluationDefinition: app-pre-deploy-eval-2 + retries: 10 + retryInterval: 5s + workloadVersion: "" +status: + endTime: "2022-12-14T13:17:36Z" + evaluationStatus: + available-cpus: + status: Succeeded + value: "1.3100000000000005" + overallStatus: Succeeded + retryCount: 1 + startTime: "2022-12-14T13:17:36Z" \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/progressing.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/progressing.yaml new file mode 100644 index 0000000000000..ba504061f9390 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnEvaluation/testdata/progressing.yaml 
@@ -0,0 +1,33 @@
+apiVersion: lifecycle.keptn.sh/v1alpha2
+kind: KeptnEvaluation
+metadata:
+ creationTimestamp: "2022-12-14T13:17:36Z"
+ generation: 1
+ name: pre-eval-app-pre-deploy-eval-2-48925
+ namespace: podtato-kubectl
+ ownerReferences:
+ - apiVersion: lifecycle.keptn.sh/v1alpha2
+ blockOwnerDeletion: true
+ controller: true
+ kind: KeptnAppVersion
+ name: podtato-head-0.1.1
+ uid: 9ae27184-c63d-4e50-bbc7-18e5e289e85c
+ resourceVersion: "225737"
+ uid: 84acabb8-9dca-46ab-b099-4799a732ba43
+spec:
+ appName: podtato-head
+ appVersion: 0.1.1
+ checkType: pre-eval
+ evaluationDefinition: app-pre-deploy-eval-2
+ retries: 10
+ retryInterval: 5s
+ workloadVersion: ""
+status:
+ endTime: "2022-12-14T13:17:36Z"
+ evaluationStatus:
+ available-cpus:
+ status: Progressing
+ value: ""
+ overallStatus: Progressing
+ retryCount: 1
+ startTime: "2022-12-14T13:17:36Z"
\ No newline at end of file
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnTask/health.lua b/resource_customizations/lifecycle.keptn.sh/KeptnTask/health.lua
new file mode 100644
index 0000000000000..e22de12347391
--- /dev/null
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnTask/health.lua
@@ -0,0 +1,14 @@
+hs = {}
+if obj.status.status == "Succeeded" then
+ hs.status = "Healthy"
+ hs.message = "KeptnTask is healthy"
+ return hs
+end
+if obj.status.status == "Failed" then
+ hs.status = "Degraded"
+ hs.message = "KeptnTask is degraded"
+ return hs
+end
+hs.status = "Progressing"
+hs.message = "KeptnTask is progressing"
+return hs
\ No newline at end of file
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnTask/health_test.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnTask/health_test.yaml
new file mode 100644
index 0000000000000..3d07164a65a1c
--- /dev/null
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnTask/health_test.yaml
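Review bot: `obj.status` is indexed without a nil check in the first `if` of KeptnTask/health.lua (`obj.status.status == "Succeeded"`), so a KeptnTask whose controller has not yet written a status block makes the script raise an attempt-to-index-nil error instead of falling through to Progressing. The same pattern appears in KeptnEvaluation/health.lua (`obj.status.overallStatus`) and KeptnWorkloadInstance/health.lua. Wrapping the two comparisons in `if obj.status ~= nil then … end` lets the existing Progressing fallthrough cover a freshly created resource, and a `testdata` input with no `status` section in each `health_test.yaml` would pin that behaviour. Separately, `hs = {}` assigns a global; `local hs = {}` keeps the table scoped to the script.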
@@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnTask is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnTask is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnTask is healthy" + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/degraded.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/degraded.yaml new file mode 100644 index 0000000000000..4055a56f702de --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/degraded.yaml @@ -0,0 +1,36 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnTask +metadata: + creationTimestamp: "2022-12-14T13:17:56Z" + generation: 1 + name: pre-pre-deployment-check-entry-31363 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkloadInstance + name: podtato-head-podtato-head-left-leg-0.2.7 + uid: 1376ab23-43d7-4304-89b3-1eea3a895a2d + resourceVersion: "226304" + uid: 2e89a2e6-44ba-47ed-8800-c0194e549ee0 +spec: + app: podtato-head + appVersion: "" + checkType: pre + context: + appName: "" + appVersion: "" + objectType: "" + taskType: "" + workloadName: "" + workloadVersion: "" + parameters: {} + secureParameters: {} + taskDefinition: pre-deployment-check-entry + workload: podtato-head-podtato-head-left-leg + workloadVersion: 0.2.7 +status: + jobName: klc-pre-pre-deployment-check--44910 + startTime: "2022-12-14T13:17:56Z" + status: Failed \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/healthy.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/healthy.yaml new file mode 100644 index 0000000000000..4939df9ae329b --- /dev/null 
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/healthy.yaml @@ -0,0 +1,37 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnTask +metadata: + creationTimestamp: "2022-12-14T13:17:56Z" + generation: 1 + name: pre-pre-deployment-check-entry-31363 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkloadInstance + name: podtato-head-podtato-head-left-leg-0.2.7 + uid: 1376ab23-43d7-4304-89b3-1eea3a895a2d + resourceVersion: "226304" + uid: 2e89a2e6-44ba-47ed-8800-c0194e549ee0 +spec: + app: podtato-head + appVersion: "" + checkType: pre + context: + appName: "" + appVersion: "" + objectType: "" + taskType: "" + workloadName: "" + workloadVersion: "" + parameters: {} + secureParameters: {} + taskDefinition: pre-deployment-check-entry + workload: podtato-head-podtato-head-left-leg + workloadVersion: 0.2.7 +status: + endTime: "2022-12-14T13:18:46Z" + jobName: klc-pre-pre-deployment-check--44910 + startTime: "2022-12-14T13:17:56Z" + status: Succeeded \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/progressing.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/progressing.yaml new file mode 100644 index 0000000000000..342365cca07a1 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnTask/testdata/progressing.yaml 
@@ -0,0 +1,36 @@
+apiVersion: lifecycle.keptn.sh/v1alpha2
+kind: KeptnTask
+metadata:
+ creationTimestamp: "2022-12-14T13:17:56Z"
+ generation: 1
+ name: pre-pre-deployment-check-entry-31363
+ namespace: podtato-kubectl
+ ownerReferences:
+ - apiVersion: lifecycle.keptn.sh/v1alpha2
+ blockOwnerDeletion: true
+ controller: true
+ kind: KeptnWorkloadInstance
+ name: podtato-head-podtato-head-left-leg-0.2.7
+ uid: 1376ab23-43d7-4304-89b3-1eea3a895a2d
+ resourceVersion: "226304"
+ uid: 2e89a2e6-44ba-47ed-8800-c0194e549ee0
+spec:
+ app: podtato-head
+ appVersion: ""
+ checkType: pre
+ context:
+ appName: ""
+ appVersion: ""
+ objectType: ""
+ taskType: ""
+ workloadName: ""
+ workloadVersion: ""
+ parameters: {}
+ secureParameters: {}
+ taskDefinition: pre-deployment-check-entry
+ workload: podtato-head-podtato-head-left-leg
+ workloadVersion: 0.2.7
+status:
+ jobName: klc-pre-pre-deployment-check--44910
+ startTime: "2022-12-14T13:17:56Z"
+ status: Progressing
\ No newline at end of file
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health.lua b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health.lua
new file mode 100644
index 0000000000000..64002013a273f
--- /dev/null
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health.lua
@@ -0,0 +1,14 @@
+hs = {}
+if obj.status.status == "Succeeded" then
+ hs.status = "Healthy"
+ hs.message = "KeptnWorkloadInstance is healthy"
+ return hs
+end
+if obj.status.status == "Failed" then
+ hs.status = "Degraded"
+ hs.message = "KeptnWorkloadInstance is degraded"
+ return hs
+end
+hs.status = "Progressing"
+hs.message = "KeptnWorkloadInstance is progressing"
+return hs
\ No newline at end of file
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health_test.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health_test.yaml
new file mode 100644
index 0000000000000..f27bad67965e9
--- /dev/null
+++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnWorkloadInstance is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnWorkloadInstance is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnWorkloadInstance is healthy" + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/degraded.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/degraded.yaml new file mode 100644 index 0000000000000..324e4e011802c --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/degraded.yaml 
@@ -0,0 +1,50 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnWorkloadInstance +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: PreDeployTasks + deploymentStatus: Succeeded + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Progressing + postDeploymentStatus: Progressing + preDeploymentEvaluationStatus: Failed + preDeploymentStatus: Failed + startTime: "2022-12-14T13:17:57Z" + status: Failed \ No newline at end of file 
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/healthy.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/healthy.yaml new file mode 100644 index 0000000000000..491501ac33ca2 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/healthy.yaml 
@@ -0,0 +1,51 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnWorkloadInstance +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: Completed + deploymentStatus: Succeeded + endTime: "2022-12-14T13:18:41Z" + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Succeeded + postDeploymentStatus: Succeeded + preDeploymentEvaluationStatus: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:57Z" + status: Succeeded \ No newline at end of file 
diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/progressing.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/progressing.yaml new file mode 100644 index 0000000000000..b263c95f9299e --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadInstance/testdata/progressing.yaml 
@@ -0,0 +1,50 @@ +apiVersion: lifecycle.keptn.sh/v1alpha2 +kind: KeptnWorkloadInstance +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: Completed + deploymentStatus: Succeeded + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Progressing + postDeploymentStatus: Progressing + preDeploymentEvaluationStatus: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:57Z" + status: Progressing \ No newline at end of file From 05a9e7e4dc0673df4412c98e009f146c471085f0 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 08:45:29 -0500 Subject: [PATCH 201/304] [Bot] Update Snyk reports (#11748) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI Signed-off-by: emirot --- docs/snyk/master/argocd-iac-install.html | 66 +++++++++---------- .../master/argocd-iac-namespace-install.html | 2 +- docs/snyk/master/argocd-test.html | 2 +- .../master/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 2 +- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.3.12/argocd-iac-install.html | 2 +- .../v2.3.12/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.12/argocd-test.html | 2 +- .../v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 2 +- .../quay.io_argoproj_argocd_v2.3.12.html | 2 +- docs/snyk/v2.3.12/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.4.18/argocd-iac-install.html | 2 +- .../v2.4.18/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.4.18/argocd-test.html | 2 +- .../v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.18.html | 2 +- docs/snyk/v2.4.18/redis_7.0.4-alpine.html | 2 +- docs/snyk/v2.5.5/argocd-iac-install.html | 2 +- .../v2.5.5/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.5/argocd-test.html | 2 +- .../v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.5.html | 2 +- docs/snyk/v2.5.5/redis_7.0.5-alpine.html | 2 +- 29 files changed, 61 insertions(+), 61 deletions(-) diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 3c702ae73a22b..64dcb9d74814a 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      December 16th 2022, 9:18:26 pm

      +

      December 18th 2022, 12:16:18 am

      Scanned the following path: @@ -507,7 +507,7 @@

      Role with dangerous permissions

    • - Line number: 15131 + Line number: 15180
    @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 15208 + Line number: 15257
  • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 15236 + Line number: 15285
  • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 15280 + Line number: 15329
  • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 15262 + Line number: 15311
  • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 15296 + Line number: 15345
  • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 16294 + Line number: 16343
  • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 15763 + Line number: 15812
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 15930 + Line number: 15979
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 15896 + Line number: 15945
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 15986 + Line number: 16035
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 16060 + Line number: 16109
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 16294 + Line number: 16343
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 16116 + Line number: 16165
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 16379 + Line number: 16428
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 16683 + Line number: 16732
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 15910 + Line number: 15959
  • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 16070 + Line number: 16119
  • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 15763 + Line number: 15812
  • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 15896 + Line number: 15945
  • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 15930 + Line number: 15979
  • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 16060 + Line number: 16109
  • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 16294 + Line number: 16343
  • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 15763 + Line number: 15812
  • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 15896 + Line number: 15945
  • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 15930 + Line number: 15979
  • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 15986 + Line number: 16035
  • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 16060 + Line number: 16109
  • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 16294 + Line number: 16343
  • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 16116 + Line number: 16165
  • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 16379 + Line number: 16428
  • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 16683 + Line number: 16732
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 8426716cc565b..56e020c6e7705 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:18:34 pm

    +

    December 18th 2022, 12:16:27 am

    Scanned the following path: diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index ccc0f395b46d0..3c7659dcb6be6 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:16:22 pm

    +

    December 18th 2022, 12:14:08 am

    Scanned the following paths: diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html index e019f47a34679..0aa0589ba7fc4 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:16:31 pm

    +

    December 18th 2022, 12:14:17 am

    Scanned the following path: diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html index 250dd734e2a59..f3dd5b08945c9 100644 --- a/docs/snyk/master/haproxy_2.6.2-alpine.html +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:16:36 pm

    +

    December 18th 2022, 12:14:22 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index ef6b46f3e38d7..b47b792e50970 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:17:01 pm

    +

    December 18th 2022, 12:14:47 am

    Scanned the following path: diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html index 7598fd171e1f2..c3986886461bb 100644 --- a/docs/snyk/master/redis_7.0.5-alpine.html +++ b/docs/snyk/master/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:17:07 pm

    +

    December 18th 2022, 12:14:52 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/argocd-iac-install.html b/docs/snyk/v2.3.12/argocd-iac-install.html index 7ec43df20f1d7..316c2647684ef 100644 --- a/docs/snyk/v2.3.12/argocd-iac-install.html +++ b/docs/snyk/v2.3.12/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:24:01 pm

    +

    December 18th 2022, 12:21:52 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/argocd-iac-namespace-install.html b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html index b3c614a0f3520..d54d77e3fdf3c 100644 --- a/docs/snyk/v2.3.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:24:33 pm

    +

    December 18th 2022, 12:22:24 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/argocd-test.html b/docs/snyk/v2.3.12/argocd-test.html index 3c9029e366f89..8788a0dae4c10 100644 --- a/docs/snyk/v2.3.12/argocd-test.html +++ b/docs/snyk/v2.3.12/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:22 pm

    +

    December 18th 2022, 12:20:14 am

    Scanned the following paths: diff --git a/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html index 5de247eb04b9d..1c86fbb61739d 100644 --- a/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:26 pm

    +

    December 18th 2022, 12:20:18 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html index 66f77b29a3ced..ff8eb9d95a11e 100644 --- a/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:29 pm

    +

    December 18th 2022, 12:20:20 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html index ee06eca849925..b6f65989340c4 100644 --- a/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:43 pm

    +

    December 18th 2022, 12:20:34 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html index c0899cf61ba0a..b3c56db90a0f6 100644 --- a/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:23:08 pm

    +

    December 18th 2022, 12:21:00 am

    Scanned the following path: diff --git a/docs/snyk/v2.3.12/redis_6.2.7-alpine.html b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html index f42ea08c81282..a9e65651135ff 100644 --- a/docs/snyk/v2.3.12/redis_6.2.7-alpine.html +++ b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:23:13 pm

    +

    December 18th 2022, 12:21:05 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/argocd-iac-install.html b/docs/snyk/v2.4.18/argocd-iac-install.html index f38dc933f9fe4..11d8bde709476 100644 --- a/docs/snyk/v2.4.18/argocd-iac-install.html +++ b/docs/snyk/v2.4.18/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:00 pm

    +

    December 18th 2022, 12:19:52 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/argocd-iac-namespace-install.html b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html index 797f20db75f51..0def5f8de9ac6 100644 --- a/docs/snyk/v2.4.18/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:22:08 pm

    +

    December 18th 2022, 12:20:00 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/argocd-test.html b/docs/snyk/v2.4.18/argocd-test.html index 9801ee47b9a79..bb378bd29f787 100644 --- a/docs/snyk/v2.4.18/argocd-test.html +++ b/docs/snyk/v2.4.18/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:20:39 pm

    +

    December 18th 2022, 12:18:34 am

    Scanned the following paths: diff --git a/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html index 704bcd9728c56..d98e4c41affab 100644 --- a/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:20:43 pm

    +

    December 18th 2022, 12:18:38 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html index 234df92136566..94f74f00ee43a 100644 --- a/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html +++ b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:20:48 pm

    +

    December 18th 2022, 12:18:42 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html index dd44053a6a658..c86c3f6e4e9af 100644 --- a/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html +++ b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:21:06 pm

    +

    December 18th 2022, 12:18:59 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/redis_7.0.4-alpine.html b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html index ecbdfc6caeb2a..44b1da159aea2 100644 --- a/docs/snyk/v2.4.18/redis_7.0.4-alpine.html +++ b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:21:11 pm

    +

    December 18th 2022, 12:19:04 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/argocd-iac-install.html b/docs/snyk/v2.5.5/argocd-iac-install.html index 13bbcda9015e0..623ba2062b78b 100644 --- a/docs/snyk/v2.5.5/argocd-iac-install.html +++ b/docs/snyk/v2.5.5/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:20:13 pm

    +

    December 18th 2022, 12:18:08 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/argocd-iac-namespace-install.html b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html index 8593e6e812f0c..9469235487314 100644 --- a/docs/snyk/v2.5.5/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:20:22 pm

    +

    December 18th 2022, 12:18:17 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/argocd-test.html b/docs/snyk/v2.5.5/argocd-test.html index 7cf57ebf002d3..722c5ed72620e 100644 --- a/docs/snyk/v2.5.5/argocd-test.html +++ b/docs/snyk/v2.5.5/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:18:54 pm

    +

    December 18th 2022, 12:16:48 am

    Scanned the following paths: diff --git a/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html index d0458f36b0ff2..0c5ecc9b9c877 100644 --- a/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html +++ b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:18:58 pm

    +

    December 18th 2022, 12:16:55 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html index 46cc6ffed4f0c..7506b5be60880 100644 --- a/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html +++ b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:19:01 pm

    +

    December 18th 2022, 12:16:57 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html index 7a4355f657ee8..3edf96ad85082 100644 --- a/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html +++ b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:19:19 pm

    +

    December 18th 2022, 12:17:14 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/redis_7.0.5-alpine.html b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html index 70e56d1261481..70b01528eedfb 100644 --- a/docs/snyk/v2.5.5/redis_7.0.5-alpine.html +++ b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 16th 2022, 9:19:22 pm

    +

    December 18th 2022, 12:17:16 am

    Scanned the following path: From 2e4d576564bf71240cb87d5f6a94b571bca5967a Mon Sep 17 00:00:00 2001 From: wmgroot Date: Mon, 19 Dec 2022 09:57:36 -0600 Subject: [PATCH 202/304] docs: add appset progressive rollout strategy proposal (#9979) Signed-off-by: wmgroot Signed-off-by: wmgroot Signed-off-by: emirot --- ...-13-appset-progressive-rollout-strategy.md | 177 ++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 docs/proposals/2022-07-13-appset-progressive-rollout-strategy.md diff --git a/docs/proposals/2022-07-13-appset-progressive-rollout-strategy.md b/docs/proposals/2022-07-13-appset-progressive-rollout-strategy.md new file mode 100644 index 0000000000000..8393c445cc5ea --- /dev/null +++ b/docs/proposals/2022-07-13-appset-progressive-rollout-strategy.md 
@@ -0,0 +1,177 @@ +--- +title: ApplicationSet Progressive Rollout Strategy +authors: + - "@wmgroot" + - "@cnmcavoy" +sponsors: + - indeed.com +reviewers: + - "@alexmt" + - TBD +approvers: + - "@alexmt" + - TBD + +creation-date: 2022-07-13 +last-updated: 2022-08-11 +--- + +# ApplicationSet Progressive Rollout Strategy + +## Summary + +Enhance the ArgoCD ApplicationSet resource to embed a rollout strategy for a progressive application resource update after the ApplicationSet spec or Application templates are modified. +Further discussion and interest has been communicated here: https://github.com/argoproj/argo-cd/issues/9437 + +## Motivation + +As cluster operators, we would like to make changes to ApplicationSets which may target multiple environments, pre-defined staging areas, or other configurations, and have these changes rolled out in a declarative, defined manner rather than all at once as ApplicationSets currently behave. A progressive ApplicationSet rollout would prevent mistakes in configuration from having a larger blast radius than intended and give cluster operators a chance to verify and have confidence in their changes. + +### Goals + +Users are able to make a single change to ApplicationSet that is updated across the generated Applications in a controlled manner. When this enhancement is enabled, Applications are updated in a declaractive order, instead of simultaneously. + +### Non-Goals + +Handling controlled rollouts for changes to a helm chart or raw manifests referenced by the Applications managed by the ApplicationSet. We understand this would be valuable, but we would like to implement the rollout implementation handling only changes to the ApplicationSet initially. + +## Proposal + +This is where we get down to details of what the proposal is about. + +### Use cases + +Add a list of detailed use cases this enhancement intends to take care of. 
+ +#### Use case 1: +As a user, I would like to declaratively control the rollout order of ApplicationSet changes to its generated Application resources. + +We propose adding a `RollingUpdate` and `RollingSync` strategy spec (taking inspiration from other controllers). + +The rolling update strategy deterministically chooses applications to update following a maxUpdate value. If maxUpdate is set to 1, then applications are updated one by one, proceeding each step only if the previous application syncs completed successfully. If set to more than 1, then applications are updated in parallel up to that number. +Steps for the rolling update are defined by a list of matchExpression label selectors. Each step must finish updating before the next step advances. If steps are left undefined the application update order is deterministic. + +Complete ApplicationSet spec example. +``` +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook +spec: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: dev + - cluster: engineering-prod + url: https://2.4.6.8 + env: prod + - cluster: engineering-qa + url: https://9.8.7.6/ + env: qa + strategy: + type: RollingUpdate + rollingUpdate: + steps: + - matchExpressions: + - key: env + operator: In + values: + - dev + maxUpdate: 0 # if undefined or 0, all applications matched are updated together + - matchExpressions: + - key: env + operator: In + values: + - qa + - matchExpressions: + - key: env + operator: In + values: + - us-east-2 + - eu-west-1 + - ap-southeast-1 + maxUpdate: 1 # maxUpdate supports both integer and percentage string values + template: + metadata: + name: '{{cluster}}-guestbook' + labels: + env: "{{env}}" # label can be provided explicitly from a list generator + region: "{{metadata.labels.cluster/region}}" # or pulled from labels on the argo cluster secrets + spec: + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + 
targetRevision: HEAD + path: guestbook/{{cluster}} + destination: + server: '{{url}}' + namespace: guestbook +``` + +In the above example, when the guestbook ApplicationSet is created or modified, the Application resources are each updated in the order defined in `strategy.rollingUpdate`. In this case, all generated Applications (applied or not) with a label that matches the expression `env: dev` are updated to match the template. All Applications in this step are updated in parallel, because the `maxUpdate` is set to zero. The rolling update strategy progresses after the first set of Applications has successfully progressed and become healthy again. Progress towards the next step starts only after the current step has completely finished, regardless of the `maxUpdate` value. The `maxUpdate` field only throttles the total number of matching Applications updating in the current step. After the first step completes, the ApplicationSet updates all Application resources with label `env: qa` at the same time, because `maxUpdate` is undefined. Finally, during the third step, the Application resources labeled `region: us-east-2`, `region: eu-west-1`, or `region: ap-southeast-1` are updated, one by one, as the `maxUpdate` for the final step is 1. + +An Application rollout is considered “complete” when the Application resource has been: +- Synced successfully. +- Moved into a “Progressing” state. +- Moved out of a “Progressing” state and into a “Healthy” state. + +`RollingSync` operates using the same spec, but is a re-implementation of the https://github.com/Skyscanner/applicationset-progressive-sync tool. It notices that Applications become OutOfSync, and triggers sync operations on those Applications following the order declared in the Application strategy spec. + + +#### Use case 2: +As a user, I would like to continue to use the current simultaneous Application update behavior of the ApplicationSet controller. 
+ +If no strategy is provided, we propose defaulting to an `AllAtOnce` strategy, which maintains the current behavior. + + +### Implementation Details/Notes/Constraints [optional] + +#### Initial ApplicationSet Creation +Application resource creation from an ApplicationSet with a defined strategy looks much like the update process. When a brand new ApplicationSet is first created with a rollout strategy specified, the desired Application resource metadata labels are used to determine when each Application resource is created. Each Application created will be created in the order defined by the steps, if any, and advance to the next step only when a step completes successfully. The same applies if an ApplicationSet is modified to target a different set of destination clusters or namespaces, Applications are created or updated in the order defined by their desired state and the defined step order in the strategy. + +#### ApplicationSet Rollout Failure +In the event that an ApplicationSet spec or template is modified and a target Application resource fails to “complete” a sync in any of the steps, the ApplicationSet rollout is stalled. The ApplicationSet resource will ensure the status field for “ApplicationSetUpToDate” is False. If the maxUpdate allows it, the ApplicationSet will continue updating Applications in the current step, but otherwise, no further changes will be propagated to Application resources by the ApplicationSet, and no steps will advance until each Application can successfully complete a sync. If the ApplicationSet is modified while still in the midst of an ApplicationSet rollout, stalled or otherwise, then the existing rollout is abandoned, the application resources are left in their present state, and the new rollout begins. + +#### "Pausing" Application Changes During Rollout +To implement the “paused” functionality of Applications that are not yet ready to be updated, we have a few options. +* Disable auto-sync. 
+** Potentially conflicts with user provided auto-sync settings. +** Provides the benefit of being able to see the full diff of the ApplicationSet change. +* “Pause” the Application. +** Not Yet Implemented: https://github.com/argoproj/argo-cd/issues/4808 +* Prevent any updates at all to the live Applications via the rolling update strategy defined. +** This is likely the initial implementation method we'll target. + +#### Draft Pull Request +This PR is now functional and ready for comment. We are actively working on unit tests and documentation. +https://github.com/wmgroot/argo-cd/pull/1 + +### Security Considerations +We do not believe this proposal results in any new security considerations for the ApplicationSet controller. + +### Risks and Mitigations + +If this proposal is implemented, I believe the next logical step would be to solve the case where users would like to control rollout order for Application resources with a consistent specification, but changes being pushed to the upstream `source` of the Application. A common use case is an update to an unversioned "wrapper" helm chart that depends on a versioned upstream chart. The wrapper chart is often used to apply simple supplementary resources in a gitops pattern, such as company specific RBAC configuration, or ExternalSecrets configuration. These supplementary resources do not typically warrant publishing a versioned wrapper chart, making it difficult to implement changes to the chart's templates or value files and roll them out in an ordered way with the ApplicationSet changes discussed here. + +Implementing progressive rollout stragies to handled changes upstream of the generated Application source could be difficult, since the applicationset controller would need to intercept the sync operation of the Application to prevent the changes from syncing automatically. + +Added maintenance burden on the ArgoCD team is always a risk with the addition of new features. 
+ +### Upgrade / Downgrade Strategy + +We are introducing new fields to the ApplicationSet CRD, however no existing fields are being changed. We believe this means that a new ApplicationSet version is unnecessary, and that upgrading to the new spec with extra fields will be a clean operation. + +Downgrading would risk users receiving K8s API errors if they continue to try to apply the `strategy` field to a downgraded version of the ApplicationSet resource. +Downgrading the controller while keeping the upgraded version of the CRD should cleanly downgrade/revert the behavior of the controller to the previous version without requiring users to adjust their existing ApplicationSet specs. + +## Drawbacks + +The idea is to find the best form of an argument why this enhancement should _not_ be implemented. + +## Alternatives + +One alternative we considered was to create an extra CRD specifically to govern the rollout process for an ApplicationSet. We ultimately decided against this approach because all other rollout strategy specs we looked at were implemented in the same CRD resource (K8s Deployments, Argo Rollouts, CAPI MachineDeployments, etc). + +Another alternative is to implement Application Dependencies through the application-controller instead. This is a far more complicated approach that requires implementing and maintaining an Application DAG. +https://github.com/argoproj/argo-cd/issues/7437 From 6ea9f77bfe6ec03a4cb1a9b696366df945f20bfa Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Mon, 19 Dec 2022 08:18:01 -0800 Subject: [PATCH 203/304] docs: update cosign docs (#11749) Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- argocd-cosign.pub | 4 ---- docs/operator-manual/signed-release-assets.md | 21 +++++++++---------- 2 files changed, 10 insertions(+), 15 deletions(-) delete mode 100644 argocd-cosign.pub 
diff --git a/argocd-cosign.pub b/argocd-cosign.pub deleted file mode 100644 index bd14342b9c1b4..0000000000000 --- a/argocd-cosign.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEesHEB7vX5Y2RxXypjMy1nI1z7iRG -JI9/gt/sYqzpsa65aaNP4npM43DDxoIy/MQBo9s/mxGxmA+8UXeDpVC9vw== ------END PUBLIC KEY----- diff --git a/docs/operator-manual/signed-release-assets.md b/docs/operator-manual/signed-release-assets.md index 346dda49eb11e..d5aa36dc9eea1 100644 --- a/docs/operator-manual/signed-release-assets.md +++ b/docs/operator-manual/signed-release-assets.md 
@@ -4,21 +4,17 @@ All Argo CD container images are signed by cosign. Checksums are created for the ## Prerequisites - Cosign [installation instructions](https://docs.sigstore.dev/cosign/installation) -- Obtain or have a copy of the [public key](https://github.com/argoproj/argo-cd/blob/master/argocd-cosign.pub) ```argocd-cosign.pub``` +- Obtain or have a copy of ```argocd-cosign.pub```, which can be located in the assets section of the [release page](https://github.com/argoproj/argo-cd/releases) + +Once you have installed cosign, you can use ```argocd-cosign.pub``` to verify the signed assets or container images. + -Once you have installed cosign, you can use [argocd-cosign.pub](https://github.com/argoproj/argo-cd/blob/master/argocd-cosign.pub) to verify the signed assets or container images. -``` ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEesHEB7vX5Y2RxXypjMy1nI1z7iRG -JI9/gt/sYqzpsa65aaNP4npM43DDxoIy/MQBo9s/mxGxmA+8UXeDpVC9vw== ------END PUBLIC KEY----- -``` ## Verification of container images ```bash -cosign verify --key argocd-cosign.pub quay.io/argoproj/argocd:latest +cosign verify --key argocd-cosign.pub quay.io/argoproj/argocd: -Verification for quay.io/argoproj/argocd:latest -- +Verification for quay.io/argoproj/argocd: -- The following checks were performed on each of these signatures: * The cosign claims were validated * The signatures were verified against the specified public key 
@@ -27,6 +23,9 @@ The following checks were performed on each of these signatures: ## Verification of signed assets ```bash -cosign verify-blob --key cosign.pub --signature $(cat argocd-$VERSION-checksums.sig) argocd-$VERSION-checksums.txt +cosign verify-blob --key cosign.pub --signature $(cat argocd--checksums.sig) argocd-$VERSION-checksums.txt Verified OK ``` +## Admission controllers + +Cosign is compatible with several types of admission controllers. Please see the [Cosign documentation](https://docs.sigstore.dev/cosign/overview/#kubernetes-integrations) for supported controllers From b69f450a75ebad56539cd959848739772f4b780c Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Dec 2022 11:25:34 -0500 Subject: [PATCH 204/304] chore: upgrade git-url-parse to avoid CVE-2022-2900 (#11744) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- ui/package.json | 2 +- ui/yarn.lock | 95 +++++++++++++++++-------------------------------- 2 files changed, 33 insertions(+), 64 deletions(-) diff --git a/ui/package.json b/ui/package.json index 256efff124197..b5fcdc9808a2b 100644 --- a/ui/package.json +++ b/ui/package.json @@ -19,7 +19,7 @@ "dagre": "^0.8.5", "deepmerge": "^3.2.0", "foundation-sites": "^6.7.4", - "git-url-parse": "^11.6.0", + "git-url-parse": "^13.1.0", "js-yaml": "^3.14.1", "json-merge-patch": "^0.2.3", "lodash-es": "^4.17.21", diff --git a/ui/yarn.lock b/ui/yarn.lock index df45559bbcb86..8e5fa5af42a2a 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock 
@@ -4345,11 +4345,6 @@ fill-range@^7.0.1: dependencies: to-regex-range "^5.0.1" -filter-obj@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-1.1.0.tgz#9b311112bc6c6127a16e016c6c5d7f19e0805c5b" - integrity sha1-mzERErxsYSehbgFsbF1/GeCAXFs= - finalhandler@1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.2.0.tgz#7d23fe5731b207b4640e4fcd00aec1f9207a7b32" @@ -4546,20 +4541,20 @@ get-value@^2.0.3, get-value@^2.0.6: resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28" integrity sha1-3BXKHGcjh8p2vTesCjlbogQqLCg= -git-up@^4.0.0: - version "4.0.5" - resolved "https://registry.yarnpkg.com/git-up/-/git-up-4.0.5.tgz#e7bb70981a37ea2fb8fe049669800a1f9a01d759" - integrity sha512-YUvVDg/vX3d0syBsk/CKUTib0srcQME0JyHkL5BaYdwLsiCslPWmDSi8PUMo9pXYjrryMcmsCoCgsTpSCJEQaA== +git-up@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/git-up/-/git-up-7.0.0.tgz#bace30786e36f56ea341b6f69adfd83286337467" + integrity sha512-ONdIrbBCFusq1Oy0sC71F5azx8bVkvtZtMJAsv+a6lz5YAmbNnLD6HAB4gptHZVLPR8S2/kVN6Gab7lryq5+lQ== dependencies: - is-ssh "^1.3.0" - parse-url "^6.0.0" + is-ssh "^1.4.0" + parse-url "^8.1.0" -git-url-parse@^11.6.0: - version "11.6.0" - resolved "https://registry.yarnpkg.com/git-url-parse/-/git-url-parse-11.6.0.tgz#c634b8de7faa66498a2b88932df31702c67df605" - integrity sha512-WWUxvJs5HsyHL6L08wOusa/IXYtMuCAhrMmnTjQPpBU0TTHyDhnOATNH3xNQz7YOQUsqIIPTGr4xiVti1Hsk5g== +git-url-parse@^13.1.0: + version "13.1.0" + resolved "https://registry.yarnpkg.com/git-url-parse/-/git-url-parse-13.1.0.tgz#07e136b5baa08d59fabdf0e33170de425adf07b4" + integrity sha512-5FvPJP/70WkIprlUZ33bm4UAaFdjcLkJLpWft1BeZKqwR0uhhNGoKwlUaPtVb4LxCSQ++erHapRak9kWGj+FCA== dependencies: - git-up "^4.0.0" + git-up "^7.0.0" glob-parent@^5.1.1, glob-parent@^5.1.2, glob-parent@~5.1.2: version "5.1.2" 
@@ -5191,12 +5186,12 @@ is-regex@^1.0.4: call-bind "^1.0.2" has-symbols "^1.0.2" -is-ssh@^1.3.0: - version "1.3.3" - resolved "https://registry.yarnpkg.com/is-ssh/-/is-ssh-1.3.3.tgz#7f133285ccd7f2c2c7fc897b771b53d95a2b2c7e" - integrity sha512-NKzJmQzJfEEma3w5cJNcUMxoXfDjz0Zj0eyCalHn2E6VOwlzjZo0yuO2fcBSf8zhFuVCL/82/r5gRcoi6aEPVQ== +is-ssh@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/is-ssh/-/is-ssh-1.4.0.tgz#4f8220601d2839d8fa624b3106f8e8884f01b8b2" + integrity sha512-x7+VxdxOdlV3CYpjvRLBv5Lo9OJerlYanjwFrPR9fuGPjCiNiCzFgAWpiLAohSbsnH4ZAys3SBh+hq5rJosxUQ== dependencies: - protocols "^1.1.0" + protocols "^2.0.1" is-stream@^1.1.0: version "1.1.0" @@ -6533,7 +6528,7 @@ normalize-path@^3.0.0, normalize-path@~3.0.0: resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== -normalize-url@4.3.0, normalize-url@^6.1.0: +normalize-url@4.3.0: version "4.3.0" resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.3.0.tgz#9c49e10fc1876aeb76dba88bf1b2b5d9fa57b2ee" integrity sha512-0NLtR71o4k6GLP+mr6Ty34c5GA6CMoEsncKJxvQd8NzPxaHRJNnb5gZE8R1XF4CPIS7QPHLJ74IFszwtNVAHVQ== 
@@ -6805,25 +6800,19 @@ parse-json@^5.2.0: json-parse-even-better-errors "^2.3.0" lines-and-columns "^1.1.6" -parse-path@^4.0.0: - version "4.0.4" - resolved "https://registry.yarnpkg.com/parse-path/-/parse-path-4.0.4.tgz#4bf424e6b743fb080831f03b536af9fc43f0ffea" - integrity sha512-Z2lWUis7jlmXC1jeOG9giRO2+FsuyNipeQ43HAjqAZjwSe3SEf+q/84FGPHoso3kyntbxa4c4i77t3m6fGf8cw== +parse-path@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/parse-path/-/parse-path-7.0.0.tgz#605a2d58d0a749c8594405d8cc3a2bf76d16099b" + integrity sha512-Euf9GG8WT9CdqwuWJGdf3RkUcTBArppHABkO7Lm8IzRQp0e2r/kkFnmhu4TSK30Wcu5rVAZLmfPKSBBi9tWFog== dependencies: - is-ssh "^1.3.0" - protocols "^1.4.0" - qs "^6.9.4" - query-string "^6.13.8" + protocols "^2.0.0" -parse-url@^6.0.0: - version "6.0.5" - resolved "https://registry.yarnpkg.com/parse-url/-/parse-url-6.0.5.tgz#4acab8982cef1846a0f8675fa686cef24b2f6f9b" - integrity sha512-e35AeLTSIlkw/5GFq70IN7po8fmDUjpDPY1rIK+VubRfsUvBonjQ+PBZG+vWMACnQSmNlvl524IucoDmcioMxA== +parse-url@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/parse-url/-/parse-url-8.1.0.tgz#972e0827ed4b57fc85f0ea6b0d839f0d8a57a57d" + integrity sha512-xDvOoLU5XRrcOZvnI6b8zA6n9O9ejNk/GExuz1yBuWUGn9KA97GI6HTs6u02wKara1CeVmZhH+0TZFdWScR89w== dependencies: - is-ssh "^1.3.0" - normalize-url "^6.1.0" - parse-path "^4.0.0" - protocols "^1.4.0" + parse-path "^7.0.0" parse5@6.0.1: version "6.0.1" 
@@ -7160,10 +7149,10 @@ prop-types@^15, prop-types@^15.5.0, prop-types@^15.5.10, prop-types@^15.5.4, pro object-assign "^4.1.1" react-is "^16.13.1" -protocols@^1.1.0, protocols@^1.4.0: - version "1.4.8" - resolved "https://registry.yarnpkg.com/protocols/-/protocols-1.4.8.tgz#48eea2d8f58d9644a4a32caae5d5db290a075ce8" - integrity sha512-IgjKyaUSjsROSO8/D49Ab7hP8mJgTYcqApOqdPhLoPxAplXmkp+zRvsrSQjFn5by0rhm4VH0GAUELIPpx7B1yg== +protocols@^2.0.0, protocols@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/protocols/-/protocols-2.0.1.tgz#8f155da3fc0f32644e83c5782c8e8212ccf70a86" + integrity sha512-/XJ368cyBJ7fzLMwLKv1e4vLxOju2MNAIokcr7meSaNcVbWz/CPcW22cP04mwxOErdA5mwjA8Q6w/cdAQxVn7Q== proxy-addr@~2.0.7: version "2.0.7" @@ -7196,7 +7185,7 @@ punycode@^2.1.0, punycode@^2.1.1: resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== -qs@6.11.0, qs@^6.10.3, qs@^6.9.4: +qs@6.11.0, qs@^6.10.3: version "6.11.0" resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a" integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q== 
@@ -7208,16 +7197,6 @@ qs@6.9.3: resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.3.tgz#bfadcd296c2d549f1dffa560619132c977f5008e" integrity sha512-EbZYNarm6138UKKq46tdx08Yo/q9ZhFoAXAI1meAFd2GtbRDhbZY2WQSICskT0c5q99aFzLG1D4nvTk9tqfXIw== -query-string@^6.13.8: - version "6.14.1" - resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.14.1.tgz#7ac2dca46da7f309449ba0f86b1fd28255b0c86a" - integrity sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw== - dependencies: - decode-uri-component "^0.2.0" - filter-obj "^1.1.0" - split-on-first "^1.0.0" - strict-uri-encode "^2.0.0" - querystring@0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.0.tgz#b209849203bb25df820da756e747005878521620" @@ -8728,11 +8707,6 @@ spdy@^4.0.2: select-hose "^2.0.0" spdy-transport "^3.0.0" -split-on-first@^1.0.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f" - integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw== - split-string@^3.0.1, split-string@^3.0.2: version "3.1.0" resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2" @@ -8794,11 +8768,6 @@ stream-events@^1.0.5: dependencies: stubs "^3.0.0" -strict-uri-encode@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546" - integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY= - string-convert@^0.2.0: version "0.2.1" resolved "https://registry.yarnpkg.com/string-convert/-/string-convert-0.2.1.tgz#6982cc3049fbb4cd85f8b24568b9d9bf39eeff97" From 31fbf34aa62bcd4983d889d648b22e2d01833347 Mon Sep 17 00:00:00 2001 
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Dec 2022 11:25:40 -0500 Subject: [PATCH 205/304] chore: upgrade minimatch to avoid CVE-2022-3517 (#11745) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- ui/yarn.lock | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/ui/yarn.lock b/ui/yarn.lock index 8e5fa5af42a2a..47e31303da06d 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -6281,14 +6281,7 @@ minimalistic-assert@^1.0.0: resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimatch@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" - integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA== - dependencies: - brace-expansion "^1.1.7" - -minimatch@^3.1.2: +minimatch@^3.0.4, minimatch@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== From 2984547588e5428d3a1a9b609acf8bf9a9c839cc Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Mon, 19 Dec 2022 11:29:43 -0500 Subject: [PATCH 206/304] chore: add kustomize project for testing param CMP locally (#11265) Signed-off-by: Leonardo Luz Almeida Signed-off-by: Leonardo Luz Almeida 
Signed-off-by: emirot --- test/manifests/cmp/README.md | 15 ++++++++ test/manifests/cmp/app.yaml | 23 +++++++++++++ test/manifests/cmp/app/subdir/sidecar.yaml | 4 +++ test/manifests/cmp/kustomization.yaml | 15 ++++++++ test/manifests/cmp/plugin.yaml | 29 ++++++++++++++++ test/manifests/cmp/repo-patch.yaml | 40 ++++++++++++++++++++++ test/manifests/cmp/secret-patch.yaml | 13 +++++++ 7 files changed, 139 insertions(+) create mode 100644 test/manifests/cmp/README.md create mode 100644 test/manifests/cmp/app.yaml create mode 100644 test/manifests/cmp/app/subdir/sidecar.yaml create mode 100644 test/manifests/cmp/kustomization.yaml create mode 100644 test/manifests/cmp/plugin.yaml create mode 100644 test/manifests/cmp/repo-patch.yaml create mode 100644 test/manifests/cmp/secret-patch.yaml diff --git a/test/manifests/cmp/README.md b/test/manifests/cmp/README.md new file mode 100644 index 0000000000000..86759c1d1f59f --- /dev/null +++ b/test/manifests/cmp/README.md @@ -0,0 +1,15 @@ +This folder contains an Argo CD configuration file to allow +testing CMP plugins locally. The Kustomize project will: + +- Install Argo CD in the current k8s context +- Patch repo server configuring a test CMP plugin +- Install an application that can be used to interact with the CMP plugin + +To install Argo CD with this Kustomize project run the following +command: + +`kustomize build ./test/manifests/cmp | sed 's/imagePullPolicy: Always/imagePullPolicy: Never/g' | kubectl apply -f -` + +In Argo CD UI login with user/pass: admin/password + +An application with name `cmp-sidecar` should be available for testing. diff --git a/test/manifests/cmp/app.yaml b/test/manifests/cmp/app.yaml new file mode 100644 index 0000000000000..1a3e66bb3810a --- /dev/null +++ b/test/manifests/cmp/app.yaml 
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: plugin-test-app
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/argoproj/argo-cd.git
+ path: test/manifests/cmp/app
+ plugin:
+ env:
+ - name: FOO
+ value: bar
+ - name: REV
+ value: test-$ARGOCD_APP_REVISION
+ parameters:
+ - name: array-param
+ array:
+ - override
+ - values
+ destination:
+ namespace: default
+ server: https://kubernetes.default.svc
diff --git a/test/manifests/cmp/app/subdir/sidecar.yaml b/test/manifests/cmp/app/subdir/sidecar.yaml
new file mode 100644
index 0000000000000..aff782f0712f7
--- /dev/null
+++ b/test/manifests/cmp/app/subdir/sidecar.yaml
@@ -0,0 +1,4 @@
+# This yaml is used mainly to trigger the CMP plugin
+# for testing purposes. In real world, it should contain
+# proper kubernetes manifest files.
+name: sidecar-plugin
diff --git a/test/manifests/cmp/kustomization.yaml b/test/manifests/cmp/kustomization.yaml
new file mode 100644
index 0000000000000..f0f55a990250e
--- /dev/null
+++ b/test/manifests/cmp/kustomization.yaml
@@ -0,0 +1,15 @@
+resources:
+ - ../../../manifests/namespace-install
+ - ../../../manifests/crds
+ - ../../../manifests/cluster-rbac
+ - plugin.yaml
+ - app.yaml
+
+patchesStrategicMerge:
+ - repo-patch.yaml
+ - secret-patch.yaml
+
+images:
+ - name: quay.io/argoproj/argocd
+ newName: argocd
+ newTag: param
diff --git a/test/manifests/cmp/plugin.yaml b/test/manifests/cmp/plugin.yaml
new file mode 100644
index 0000000000000..fc24632385833
--- /dev/null
+++ b/test/manifests/cmp/plugin.yaml
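Review bot: The Application added in app.yaml is named `plugin-test-app`, while the README added by the same commit tells the reader that an application named `cmp-sidecar` will be available, so one of the two names needs to change (for example `name: cmp-sidecar` under `metadata`). The `source` block also sets no `targetRevision`, so the test app presumably renders `test/manifests/cmp/app` from the default branch of `https://github.com/argoproj/argo-cd.git` rather than from the local checkout being tested; a short comment saying so, such as `# renders the upstream copy of this directory, not local edits`, would save the next person some confusion.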
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: my-plugin-config
+data:
+ plugin.yaml: |
+ apiVersion: argoproj.io/v1alpha1
+ kind: ConfigManagementPlugin
+ metadata:
+ name: my-plugin
+ spec:
+ version: v1.0
+ init:
+ command: [sh , -c, 'echo "params: $ARGOCD_APP_PARAMETERS"']
+ generate:
+ command: [jq, -n, '{"kind": "ConfigMap", "apiVersion": "v1", "metadata": { "name": env.ARGOCD_APP_NAME, "namespace": env.ARGOCD_APP_NAMESPACE, "annotations": {"test": "annotation test", "KubeVersion": env.KUBE_VERSION }}, "data": { "params": env.ARGOCD_APP_PARAMETERS } }']
+ discover:
+ fileName: "./subdir/s*.yaml"
+ parameters:
+ static:
+ - name: string-param
+ string: default-string-value
+ - name: array-param
+ array: [default, items]
+ collectionType: array
+ - name: map-param
+ map:
+ some: value
+ collectionType: map
diff --git a/test/manifests/cmp/repo-patch.yaml b/test/manifests/cmp/repo-patch.yaml
new file mode 100644
index 0000000000000..e9398bf5043ed
--- /dev/null
+++ b/test/manifests/cmp/repo-patch.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: argocd-repo-server
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/component: repo-server
+ name: argocd-repo-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-repo-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: argocd-repo-server
+ spec:
+ serviceAccountName: argocd-repo-server
+ automountServiceAccountToken: false
+ containers:
+ - name: my-plugin
+ command: [/var/run/argocd/argocd-cmp-server]
+ image: stedolan/jq
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 999
+ volumeMounts:
+ - mountPath: /var/run/argocd
+ name: var-files
+ - mountPath: /home/argocd/cmp-server/plugins
+ name: plugins
+ - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+ subPath: plugin.yaml
+ name: my-plugin-config
+ volumes:
+ - configMap:
+ name: my-plugin-config
+ name: my-plugin-config
+ - emptyDir: {}
+ name: cmp-tmp
diff --git a/test/manifests/cmp/secret-patch.yaml b/test/manifests/cmp/secret-patch.yaml
new file mode 100644
index 0000000000000..adf583420a8e4
--- /dev/null
+++ b/test/manifests/cmp/secret-patch.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-secret
+ labels:
+ app.kubernetes.io/name: argocd-secret
+ app.kubernetes.io/part-of: argocd
+stringData:
+ # admin.password is "password"
+ admin.password: $2a$10$RncPyHW/B5ll2Z3J8s.IBOnbZ9uoJ4JhHLKzj5lzG/kU1KN1Oj3/K
+ admin.passwordMtime: 2019-03-20T17:54:53Z
+type: Opaque
From 0a5ccfa38b6fef0b871bcba5a0ace53a2c026be1 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Dec 2022 16:31:23 -0500 Subject: [PATCH 207/304] chore: upgrade go-oidc (#11579) * chore: upgrade go-oidc Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * take advantage of new error type Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
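Review bot: In repo-patch.yaml the `cmp-tmp` emptyDir is declared under `volumes`, but none of the `volumeMounts` of the `my-plugin` container references it, so the sidecar gets no dedicated temporary directory. If the intent was the usual sidecar layout, add `- mountPath: /tmp` with `name: cmp-tmp` to the container's `volumeMounts`; keeping the plugin's /tmp on its own volume is what isolates plugin scratch files from the repo-server. The `var-files` and `plugins` volumes mounted here are not defined in this patch and presumably come from the base Deployment being merged. Separately, `image: stedolan/jq` carries no tag or digest, so the test pulls whatever the registry currently serves; pinning it (`image: stedolan/jq@sha256:<digest>`) keeps the test reproducible.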
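Review bot: secret-patch.yaml replaces the admin credential in `argocd-secret` with the bcrypt hash of the literal string `password`, and the README installs this overlay into whatever the current kubectl context is, so applying it against anything other than a throwaway local cluster leaves an Argo CD admin account with a publicly known password. The existing comment only says what the password is; I would extend it to something like `# TEST ONLY: well-known admin password, apply to disposable local clusters only` and repeat that warning next to the install command in the README. The install command's rewrite to `imagePullPolicy: Never` suggests a local kind/minikube-style cluster is assumed, but nothing in the manifests enforces that.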
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- cmd/argocd/commands/login.go | 2 +- cmd/argocd/commands/relogin.go | 2 +- go.mod | 9 ++-- go.sum | 86 +++++++++++++++++++++++++++++++--- pkg/apiclient/apiclient.go | 4 +- util/oidc/oidc.go | 2 +- util/oidc/oidc_test.go | 2 +- util/oidc/provider.go | 2 +- util/session/sessionmanager.go | 7 +-- 9 files changed, 94 insertions(+), 22 deletions(-) diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index 92c24b787cd39..2fc2ce3b32199 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -12,7 +12,7 @@ import ( "strings" "time" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "github.com/golang-jwt/jwt/v4" log "github.com/sirupsen/logrus" "github.com/skratchdot/open-golang/open" diff --git a/cmd/argocd/commands/relogin.go b/cmd/argocd/commands/relogin.go index bb1e9e20ed06e..b4c1ef7fe9b81 100644 --- a/cmd/argocd/commands/relogin.go +++ b/cmd/argocd/commands/relogin.go @@ -4,7 +4,7 @@ import ( "fmt" "os" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" diff --git a/go.mod b/go.mod index e499eab369c24..4839121972f6e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,6 @@ require ( github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 github.com/casbin/casbin/v2 v2.60.0 github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect - github.com/coreos/go-oidc v2.2.1+incompatible github.com/dustin/go-humanize v1.0.0 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.5.1 @@ -59,7 +58,6 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible github.com/pkg/errors v0.9.1 - github.com/pquerna/cachecontrol v0.1.0 // indirect github.com/prometheus/client_golang v1.14.0 github.com/r3labs/diff v1.1.0 github.com/rs/cors v1.8.0 // indirect 
@@ -75,10 +73,10 @@ require ( github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa golang.org/x/net v0.1.0 // indirect - golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb + golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 golang.org/x/term v0.1.0 - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 + google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 gopkg.in/go-playground/webhooks.v5 v5.17.0 @@ -108,6 +106,7 @@ require ( require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/antonmedv/expr v1.9.0 + github.com/coreos/go-oidc/v3 v3.4.0 github.com/gosimple/slug v1.13.1 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/robfig/cron/v3 v3.0.1 @@ -126,7 +125,7 @@ require ( ) require ( - cloud.google.com/go v0.99.0 // indirect + cloud.google.com/go/compute v1.7.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.18 // indirect diff --git a/go.sum b/go.sum index c0db5467c35c1..2063e6fc9626c 100644 --- a/go.sum +++ b/go.sum 
@@ -27,17 +27,26 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod 
h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -47,6 +56,7 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= 
@@ -214,6 +224,7 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= @@ -240,8 +251,8 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= -github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g= +github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 
@@ -302,6 +313,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= 
@@ -565,11 +577,16 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= 
@@ -923,8 +940,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc= -github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= 
@@ -1339,7 +1354,13 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -1362,8 +1383,11 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb h1:8tDJ3aechhddbdPAxpycgXHJRMLpk/Ab+aa4OgdN5/g= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1376,6 +1400,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180224232135-f6cff0780e54/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1477,14 +1502,23 @@ golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220406155245-289d7a0edf71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1590,6 +1624,9 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= 
@@ -1636,6 +1673,15 @@ google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= google.golang.org/appengine v1.0.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1690,6 +1736,7 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= 
@@ -1710,8 +1757,27 @@ google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 h1:Et6SkiuvnBn+SgrSYXs/BrUpGB4mbdwt4R3vaPIlicA= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= 
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= 
@@ -1742,8 +1808,13 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1755,6 +1826,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 
diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 9b90e0ecca667..5f122433ee285 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -15,12 +15,12 @@ import ( "sync" "time" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "github.com/golang-jwt/jwt/v4" "github.com/golang/protobuf/ptypes/empty" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" - retryablehttp "github.com/hashicorp/go-retryablehttp" + "github.com/hashicorp/go-retryablehttp" log "github.com/sirupsen/logrus" "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "golang.org/x/oauth2" diff --git a/util/oidc/oidc.go b/util/oidc/oidc.go index 4f93e200c28c9..def1f9de00827 100644 --- a/util/oidc/oidc.go +++ b/util/oidc/oidc.go @@ -14,7 +14,7 @@ import ( "strings" "time" - gooidc "github.com/coreos/go-oidc" + gooidc "github.com/coreos/go-oidc/v3/oidc" "github.com/golang-jwt/jwt/v4" log "github.com/sirupsen/logrus" "golang.org/x/oauth2" diff --git a/util/oidc/oidc_test.go b/util/oidc/oidc_test.go index 9e5fc59ae105a..b02ca17a37a8c 100644 --- a/util/oidc/oidc_test.go +++ b/util/oidc/oidc_test.go @@ -12,7 +12,7 @@ import ( "strings" "testing" - gooidc "github.com/coreos/go-oidc" + gooidc "github.com/coreos/go-oidc/v3/oidc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/oauth2" diff --git a/util/oidc/provider.go b/util/oidc/provider.go index eba797635b7e6..a3fcba547c340 100644 --- a/util/oidc/provider.go +++ b/util/oidc/provider.go @@ -6,7 +6,7 @@ import ( "net/http" "strings" - gooidc "github.com/coreos/go-oidc" + gooidc "github.com/coreos/go-oidc/v3/oidc" log "github.com/sirupsen/logrus" "golang.org/x/oauth2" ) diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 14f4f489278f3..3571e2b39e114 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go 
@@ -12,7 +12,7 @@ import ( "strings" "time" - oidc "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "github.com/golang-jwt/jwt/v4" "github.com/google/uuid" log "github.com/sirupsen/logrus" @@ -419,7 +419,7 @@ func (mgr *SessionManager) VerifyUsernamePassword(username string, password stri // introduces random delay to protect from timing-based user enumeration attack delayNanoseconds := verificationDelayNoiseMin.Nanoseconds() + int64(rand.Intn(int(verificationDelayNoiseMax.Nanoseconds()-verificationDelayNoiseMin.Nanoseconds()))) - // take into account amount of time spent since the request start + // take into account amount of time spent since the request start delayNanoseconds = delayNanoseconds - time.Since(start).Nanoseconds() if delayNanoseconds > 0 { mgr.sleep(time.Duration(delayNanoseconds)) @@ -497,7 +497,8 @@ func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, string, // return a dummy claims only containing a value for the issuer, so the // UI can handle expired tokens appropriately. if err != nil { - if strings.HasPrefix(err.Error(), "oidc: token is expired") { + tokenExpiredError := &oidc.TokenExpiredError{} + if errors.As(err, &tokenExpiredError) { claims = jwt.RegisteredClaims{ Issuer: "sso", } From aca01026a74b96b9e3f37168b069e4e0101e7ab5 Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Mon, 19 Dec 2022 17:44:41 -0800 Subject: [PATCH 208/304] fix: sign container images by digest (#11151) * chore: sign container images by digest Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * use sha hash Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- .github/workflows/image.yaml | 8 ++++++-- .github/workflows/release.yaml | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) 
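Review bot: The expired-token branch in `VerifyToken` (hunk `@@ -497,7 +497,8 @@`) now depends on the `*oidc.TokenExpiredError` surviving every wrapper between the verifier and this call, and nothing in the commit's diffstat adds a test that pins that: `util/oidc/oidc_test.go` only changes its import. Because this branch decides whether the caller gets the issuer-only dummy claims or a plain failure, a unit test that passes an expired ID token through `VerifyToken` and asserts the `Issuer: "sso"` claims would catch an intermediate layer that re-formats the error with `%v` instead of `%w`. The target can also be declared without allocating, `var tokenExpiredError *oidc.TokenExpiredError`, which is the usual shape for `errors.As`. The rest of `VerifyToken` lies outside the hunk.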
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 332d1c118aab8..5ee3b92499bec 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -71,11 +71,15 @@ jobs: - name: Install cosign uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1 with: - cosign-release: 'v1.13.0' + cosign-release: 'v1.13.1' + + - name: Install crane to get digest of image + uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 - name: Sign Argo CD latest image run: | - cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd:latest + echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:latest)" >> $GITHUB_ENV + cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd@${{ env.IMAGE_DIGEST }} # Displays the public key to share. cosign public-key --key env://COSIGN_PRIVATE_KEY env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d24f9e5c4afef..ee073729bba88 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -217,11 +217,15 @@ jobs: - name: Install cosign uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1 with: - cosign-release: 'v1.13.0' + cosign-release: 'v1.13.1' + + - name: Install crane to get digest of image + uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 - name: Sign Argo CD container images and assets run: | - cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} + echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV + cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd@${{ env.IMAGE_DIGEST }} cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig # Retrieves the public key to release as an asset cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub 
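Review bot: `${{ env.IMAGE_DIGEST }}` in the `cosign sign` line is expanded before the step's script runs, and a value appended to `$GITHUB_ENV` only becomes visible to later steps, so unless `IMAGE_DIGEST` is already set earlier in the job the reference is empty and the command is asked to sign `quay.io/argoproj/argocd@` instead of the digest. A plain shell variable avoids that: `IMAGE_DIGEST="$(crane digest quay.io/argoproj/argocd:latest)"` followed by `cosign sign --key env://COSIGN_PRIVATE_KEY "quay.io/argoproj/argocd@${IMAGE_DIGEST}"`. The same pattern appears in the `release.yaml` hunk of this commit. Resolving the digest from the `latest` tag after the push also signs whatever the tag points to at that moment; taking the digest from the push step's output, if it exposes one, would bind the signature to the image this job built.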
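Review bot: The digest in the `release.yaml` hunk is looked up from the hard-coded `quay.io/argoproj/argocd:v${TARGET_VERSION}`, but the signature is attached to `${IMAGE_NAMESPACE}/argocd@…`, so the two only name the same repository when `IMAGE_NAMESPACE` is `quay.io/argoproj`. Using one reference for both, `crane digest ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}`, keeps a run against another namespace from signing a digest that was never pushed there. `imjasonh/setup-crane` is pinned by commit SHA without the trailing version comment that the neighbouring `cosign-installer` line carries (`# v2.8.1`); adding the matching `# <release-tag>` comment makes the pin easier to audit.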
From 0bfa7027e135979120db984049f78e17d5b453f3 Mon Sep 17 00:00:00 2001 From: yanyx Date: Tue, 20 Dec 2022 21:37:35 +0800 Subject: [PATCH 209/304] doc: correct kustomize demo path (#11762) Signed-off-by: Yixing Yan Signed-off-by: Yixing Yan Signed-off-by: emirot --- docs/user-guide/kustomize.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index 67d91f184c25c..c7829821320b6 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -69,7 +69,7 @@ spec: source: repoURL: https://github.com/argoproj/argocd-example-apps.git targetRevision: HEAD - path: guestbook-kustomize + path: kustomize-guestbook kustomize: version: v3.5.4 From 3528311469e3c290baaaf1aba5a4630c3176a8b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 08:40:33 -0500 Subject: [PATCH 210/304] chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#11697) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/d0a58c1c4d2b25278816e339b944508c875f3613...6edd4406fa81c3da01a34fa6f6343087c207a568) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- .github/workflows/ci-build.yaml | 14 +++++++------- .github/workflows/image.yaml | 2 +- .github/workflows/release.yaml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 07a256132ac7f..1eafa5e88e041 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml 
@@ -29,7 +29,7 @@ jobs: - name: Checkout code uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -47,7 +47,7 @@ jobs: - name: Checkout code uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache @@ -71,7 +71,7 @@ jobs: - name: Checkout code uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint @@ -96,7 +96,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -159,7 +159,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages 
@@ -208,7 +208,7 @@ jobs: - name: Checkout code uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -368,7 +368,7 @@ jobs: - name: Checkout code uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 5ee3b92499bec..897a904cd7763 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -29,7 +29,7 @@ jobs: env: GOPATH: /home/runner/work/argo-cd/argo-cd steps: - - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ee073729bba88..bd5be355b7f19 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -147,7 +147,7 @@ jobs: echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV - name: Setup Golang - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} From 6178516a9d0b3d62fa367b597c4a3e99ec023a22 Mon Sep 17 00:00:00 2001 
From: Balaji Siva Date: Tue, 20 Dec 2022 05:43:45 -0800 Subject: [PATCH 211/304] chore: add OpsMx to USERS.md (#11765) adding our company name to Argo CD users. Signed-off-by: Balaji Siva Signed-off-by: Balaji Siva Signed-off-by: emirot --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 8ba8600c6a96b..90404a8ceea2c 100644 --- a/USERS.md +++ b/USERS.md @@ -162,6 +162,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [openLooKeng](https://openlookeng.io) 1. [OpenSaaS Studio](https://opensaas.studio) 1. [Opensurvey](https://www.opensurvey.co.kr/) +1. [OpsMx](https://opsmx.io) 1. [OpsVerse](https://opsverse.io) 1. [Optoro](https://www.optoro.com/) 1. [Orbital Insight](https://orbitalinsight.com/) From 185a49dddc8bf70eb086c2a09d1a995b1be9e66d Mon Sep 17 00:00:00 2001 From: Nicholas Morey Date: Tue, 20 Dec 2022 08:45:55 -0500 Subject: [PATCH 212/304] docs: clarify that all labels must exist (#11693) It's unclear if all or any of the labels need to exist. This clarifies that all of the labels must exist. Signed-off-by: Nicholas Morey Signed-off-by: Nicholas Morey Signed-off-by: emirot --- docs/operator-manual/applicationset/Generators-Pull-Request.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index d406b529e4d4f..d90eb2d0f4695 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md 
@@ -60,7 +60,7 @@ spec: * `repo`: Required name of the GitHub repository. * `api`: If using GitHub Enterprise, the URL to access it. (Optional) * `tokenRef`: A `Secret` name and key containing the GitHub access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. (Optional) -* `labels`: Labels is used to filter the PRs that you want to target. (Optional) +* `labels`: Filter the PRs to those containing **all** of the labels listed. (Optional) * `appSecretName`: A `Secret` name containing a GitHub App secret in [repo-creds format][repo-creds]. [repo-creds]: ../declarative-setup.md#repository-credentials From e75a118a8c3399f7a37db9ac0f79d46477235e62 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Tue, 20 Dec 2022 08:48:55 -0500 Subject: [PATCH 213/304] fix: ssa e2e tests failing after updating to kubectl 1.26 (#11753) * fix: ssa e2e test failing after updating to kubectl 1.26 Signed-off-by: Leonardo Luz Almeida * Remove pinned kubectl version Signed-off-by: Leonardo Luz Almeida * Cleaner approach to fix e2e test Signed-off-by: Leonardo Luz Almeida * Fix Signed-off-by: Leonardo Luz Almeida Signed-off-by: Leonardo Luz Almeida Signed-off-by: emirot --- .github/workflows/ci-build.yaml | 8 -------- test/e2e/app_management_ns_test.go | 11 +++++++++++ test/e2e/app_management_test.go | 11 +++++++++++ test/e2e/testdata/data.go | 3 +++ 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 1eafa5e88e041..8b5a42c95acb7 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml 
@@ -374,14 +374,6 @@ jobs: - name: GH actions workaround - Kill XSP4 process run: | sudo pkill mono || true - # ubuntu-22.04 comes with kubectl, but the version is not pinned. The version as of 2022-12-05 is 1.26.0 which - # breaks the `TestNamespacedResourceDiffing` e2e test. So we'll pin to 1.25 and then fix the underlying issue. - - name: Install kubectl - run: | - rm /usr/local/bin/kubectl - curl -LO https://dl.k8s.io/release/v1.25.4/bin/linux/amd64/kubectl - mv kubectl /usr/local/bin/kubectl - chmod +x /usr/local/bin/kubectl - name: Install K3S env: INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1 diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 68000825b09f1..7de62083689f8 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -764,6 +764,17 @@ func TestNamespacedResourceDiffing(t *testing.T) { }). Given(). When(). + // Now we migrate from client-side apply to server-side apply + // This is necessary, as starting with kubectl 1.26, all previously + // client-side owned fields have ownership migrated to the manager from + // the first ssa. + // More details: https://github.com/kubernetes/kubectl/issues/1337 + PatchApp(`[{ + "op": "add", + "path": "/spec/syncPolicy", + "value": { "syncOptions": ["ServerSideApply=true"] } + }]`). + Sync(). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") assert.NoError(t, err) diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 03cd0c109c2ae..338a6ce0bc590 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go 
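Review bot: The eleven-line `PatchApp(...)`/`Sync()` block added to TestNamespacedResourceDiffing is repeated verbatim in TestResourceDiffing in app_management_test.go; a small shared helper or a package-level constant for the patch document would keep the two copies from drifting. The patch uses a JSON-patch `add` at `/spec/syncPolicy`, which replaces the whole object if the application already has a sync policy. The earlier part of the test chain is outside the hunk, so this may be harmless here. A short comment such as `// "add" overwrites any existing spec.syncPolicy` would make that assumption explicit.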
@@ -742,6 +742,17 @@ func TestResourceDiffing(t *testing.T) { }). Given(). When(). + // Now we migrate from client-side apply to server-side apply + // This is necessary, as starting with kubectl 1.26, all previously + // client-side owned fields have ownership migrated to the manager from + // the first ssa. + // More details: https://github.com/kubernetes/kubectl/issues/1337 + PatchApp(`[{ + "op": "add", + "path": "/spec/syncPolicy", + "value": { "syncOptions": ["ServerSideApply=true"] } + }]`). + Sync(). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") assert.NoError(t, err) diff --git a/test/e2e/testdata/data.go b/test/e2e/testdata/data.go index 84ed0eb2f5648..7d88f6b856e2b 100644 --- a/test/e2e/testdata/data.go +++ b/test/e2e/testdata/data.go @@ -5,4 +5,7 @@ import _ "embed" var ( //go:embed ssa-revision-history/deployment.yaml SSARevisionHistoryDeployment string + + //go:embed guestbook/guestbook-ui-deployment.yaml + GuestbookDeployment string ) From 86c7b081b4f426b80d01a931334506b37f80afd6 Mon Sep 17 00:00:00 2001 From: Phil Wright- Christie Date: Tue, 20 Dec 2022 13:54:27 +0000 Subject: [PATCH 214/304] docs: Update example dockerfile (#11721) The latest tag hasn't been updated in almost a year, and as a result, the ubuntu repositories are out of date and are throwing errors. This updates the example to use a fixed version, which are updated much more frequently. Signed-off-by: Phil Wright- Christie Signed-off-by: Phil Wright- Christie Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/custom_tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/custom_tools.md b/docs/operator-manual/custom_tools.md index 9f7483db7ea89..8e1d6f963f5b3 100644 
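Review bot: `GuestbookDeployment` is embedded in test/e2e/testdata/data.go, but neither test hunk visible in this commit references `testdata.GuestbookDeployment`. It looks like a leftover from an earlier iteration of the fix; the commit message mentions a "Cleaner approach". If nothing else consumes it, drop the `//go:embed guestbook/guestbook-ui-deployment.yaml` directive and the variable. If it is kept, add a one-line comment naming the test that uses it.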
--- a/docs/operator-manual/custom_tools.md +++ b/docs/operator-manual/custom_tools.md @@ -51,7 +51,7 @@ following example builds an entirely customized repo-server from a Dockerfile, i dependencies that may be needed for generating manifests. ```Dockerfile -FROM argoproj/argocd:latest +FROM argoproj/argocd:v2.5.4 # Replace tag with the appropriate argo version # Switch to root for the ability to perform install USER root From 903b113970d11774e2dd3817595c906a003dd050 Mon Sep 17 00:00:00 2001 From: Matt Clegg Date: Tue, 20 Dec 2022 19:42:00 +0545 Subject: [PATCH 215/304] docs: correct SSO configuration URL in example configmap (#11720) Signed-off-by: Matt Clegg Signed-off-by: Matt Clegg Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/argocd-cm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml index 851738380aec8..6618b567beac6 100644 --- a/docs/operator-manual/argocd-cm.yaml +++ b/docs/operator-manual/argocd-cm.yaml @@ -47,7 +47,7 @@ data: help.download.windows-amd64: "path-or-url-to-download" # A dex connector configuration (optional). See SSO configuration documentation: - # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso + # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/user-management/index.md#sso # https://dexidp.io/docs/connectors/ dex.config: | connectors: @@ -330,4 +330,4 @@ data: resource.links: | - url: https://mycompany.splunk.com?search={{.metadata.namespace}} title: Splunk - if: kind == "Pod" || kind == "Deployment" \ No newline at end of file + if: kind == "Pod" || kind == "Deployment" From 1146c10bf272a5de9a804b3155bc221657332ceb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 14:57:43 +0000 Subject: [PATCH 216/304] chore(deps): bump github.com/itchyny/gojq from 0.12.9 to 0.12.10 (#11677) Bumps [github.com/itchyny/gojq](https://github.com/itchyny/gojq) from 0.12.9 to 0.12.10. - [Release notes](https://github.com/itchyny/gojq/releases) - [Changelog](https://github.com/itchyny/gojq/blob/main/CHANGELOG.md) - [Commits](https://github.com/itchyny/gojq/compare/v0.12.9...v0.12.10) --- updated-dependencies: - dependency-name: github.com/itchyny/gojq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- go.mod | 8 ++++---- go.sum | 15 ++++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 4839121972f6e..276cbd164d8b3 100644 --- a/go.mod +++ b/go.mod @@ -48,7 +48,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.0 github.com/imdario/mergo v0.3.13 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a - github.com/itchyny/gojq v0.12.9 + github.com/itchyny/gojq v0.12.10 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.55 @@ -182,7 +182,7 @@ require ( github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.1 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect - github.com/itchyny/timefmt-go v0.1.4 // indirect + github.com/itchyny/timefmt-go v0.1.5 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect 
@@ -192,7 +192,7 @@ require ( github.com/klauspost/compress v1.15.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-runewidth v0.0.13 // indirect + github.com/mattn/go-runewidth v0.0.14 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect @@ -231,7 +231,7 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/exp v0.0.0-20210901193431-a062eea981d2 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/sys v0.1.0 // indirect + golang.org/x/sys v0.2.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/tools v0.1.12 // indirect diff --git a/go.sum b/go.sum index 2063e6fc9626c..99d4e8c35ba8c 100644 --- a/go.sum +++ b/go.sum 
@@ -677,10 +677,10 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= -github.com/itchyny/gojq v0.12.9 h1:biKpbKwMxVYhCU1d6mR7qMr3f0Hn9F5k5YykCVb3gmM= -github.com/itchyny/gojq v0.12.9/go.mod h1:T4Ip7AETUXeGpD+436m+UEl3m3tokRgajd5pRfsR5oE= -github.com/itchyny/timefmt-go v0.1.4 h1:hFEfWVdwsEi+CY8xY2FtgWHGQaBaC3JeHd+cve0ynVM= -github.com/itchyny/timefmt-go v0.1.4/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= +github.com/itchyny/gojq v0.12.10 h1:6TcS0VYWS6wgntpF/4tnrzwdCMjiTxRAxIqZWfDsDQU= +github.com/itchyny/gojq v0.12.10/go.mod h1:o3FT8Gkbg/geT4pLI0tF3hvip5F3Y/uskjRz9OYa38g= +github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= +github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= 
@@ -792,8 +792,8 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= -github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= +github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 
@@ -1520,8 +1520,9 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= From 3957ae6ef0bb64daab1cdd60e067b188e0fd359a Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Wed, 21 Dec 2022 00:19:47 +0900 Subject: [PATCH 217/304] docs: bump elasticsearch version to 8.5.1 (#11771) Signed-off-by: toyamagu2021@gmail.com Signed-off-by: toyamagu2021@gmail.com Signed-off-by: emirot --- docs/user-guide/multiple_sources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/multiple_sources.md b/docs/user-guide/multiple_sources.md index 145eef19b619d..5aef3825389f7 100644 --- a/docs/user-guide/multiple_sources.md +++ b/docs/user-guide/multiple_sources.md @@ -27,7 +27,7 @@ spec: sources: - chart: elasticsearch repoURL: https://helm.elastic.co - targetRevision: 7.6.0 + targetRevision: 8.5.1 - repoURL: https://github.com/argoproj/argocd-example-apps.git path: guestbook targetRevision: HEAD From 3f7a3911731bed5597802693ceb89c20fb6840fe Mon Sep 17 00:00:00 2001 
From: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:37:39 -0500 Subject: [PATCH 218/304] chore: change logging level to Debug (#11773) Signed-off-by: ishitasequeira Signed-off-by: ishitasequeira Signed-off-by: emirot --- reposerver/repository/repository.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index d420a7bd915c9..19a30f7182cda 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -334,7 +334,7 @@ func (s *Service) runRepoOperation( if hasMultipleSources && source.Path == "" && source.Chart == "" { log.WithFields(map[string]interface{}{ "source": source, - }).Warnf("not generating manifests as path and chart fields are empty") + }).Debugf("not generating manifests as path and chart fields are empty") return nil } From f316d887419aef8481f602b4c9f636548b385c0d Mon Sep 17 00:00:00 2001 From: Nicholas Morey Date: Tue, 20 Dec 2022 12:46:13 -0500 Subject: [PATCH 219/304] fix: support for enabling progressive rollouts from `argocd-cmd-params-cm` (#11776) * fix(applicationset): use consistent syntax for env vars Signed-off-by: Nicholas Morey * fix(manifests): add new appset env var from configmap Signed-off-by: Nicholas Morey Signed-off-by: Nicholas Morey Signed-off-by: emirot --- .../commands/applicationset_controller.go | 2 +- docs/operator-manual/applicationset/Progressive-Rollouts.md | 2 +- .../argocd-applicationset-controller-deployment.yaml | 6 ++++++ manifests/core-install.yaml | 6 ++++++ manifests/ha/install.yaml | 6 ++++++ manifests/ha/namespace-install.yaml | 6 ++++++ manifests/install.yaml | 6 ++++++ manifests/namespace-install.yaml | 6 ++++++ 8 files changed, 38 insertions(+), 2 deletions(-) 
diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index 1e7656f8cb66a..fa64a0f680940 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -207,7 +207,7 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode") - command.Flags().BoolVar(&enableProgressiveRollouts, "enable-progressive-rollouts", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_ENABLE_PROGRESSIVE_ROLLOUTS", false), "Enable use of the experimental progressive rollouts feature.") + command.Flags().BoolVar(&enableProgressiveRollouts, "enable-progressive-rollouts", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS", false), "Enable use of the experimental progressive rollouts feature.") return &command } diff --git a/docs/operator-manual/applicationset/Progressive-Rollouts.md b/docs/operator-manual/applicationset/Progressive-Rollouts.md index c993dd8d44b3d..b5dec082536f7 100644 --- a/docs/operator-manual/applicationset/Progressive-Rollouts.md +++ b/docs/operator-manual/applicationset/Progressive-Rollouts.md 
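Review bot: The `--enable-progressive-rollouts` default now reads only `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS`, so a deployment that still sets the previously documented `ARGOCD_APPLICATIONSET_ENABLE_PROGRESSIVE_ROLLOUTS` silently falls back to `false` after upgrading. The feature is experimental, so a hard rename may be intended, but a fallback costs one expression: `env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_ENABLE_PROGRESSIVE_ROLLOUTS", false))`. Otherwise the rename deserves a line in the upgrade notes. NewCommand starts outside the hunk.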
@@ -13,7 +13,7 @@ The Progressive Rollouts feature set is intended to be light and flexible. The f ## Enabling Progressive Rollouts As an experimental feature, progressive rollouts must be explicitly enabled, in one of these ways. 1. Pass `--enable-progressive-rollouts` to the ApplicationSet controller args. -1. Set `ARGOCD_APPLICATIONSET_ENABLE_PROGRESSIVE_ROLLOUTS=true` in the ApplicationSet controller environment variables. +1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS=true` in the ApplicationSet controller environment variables. 1. Set `applicationsetcontroller.enable.progressive.rollouts: true` in the ArgoCD ConfigMap. ## Strategies diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 8d4c19a1b0f38..da67ac8433e84 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -86,6 +86,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index f5ab604dc9530..74c37b90ae0a2 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml 
@@ -15551,6 +15551,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index c440acc0d4b77..27334063578f1 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -16793,6 +16793,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index d3613c05d2244..cd8bf27b1c708 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1597,6 +1597,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/install.yaml b/manifests/install.yaml index acd47cd20cf4a..4cfb331054e70 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml 
@@ -15871,6 +15871,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 3fdce41b9e2bf..40d660d469be1 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -675,6 +675,12 @@ spec: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-applicationset-controller From 69708694b371f407a5999b6f697f93f6ec04c394 Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Wed, 21 Dec 2022 02:50:07 +0900 Subject: [PATCH 220/304] fix: sources.ref allow hyphen and underscore (#11775) Signed-off-by: toyamagu2021@gmail.com Signed-off-by: toyamagu2021@gmail.com Signed-off-by: emirot --- util/argo/argo.go | 4 ++-- util/argo/argo_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/util/argo/argo.go b/util/argo/argo.go index b8535e20ec6c0..1dda11f167019 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go 
@@ -348,9 +348,9 @@ func GetRefSources(ctx context.Context, spec argoappv1.ApplicationSpec, db db.Ar refKeys := make(map[string]bool) for _, source := range spec.Sources { if source.Ref != "" { - isValidRefKey := regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString + isValidRefKey := regexp.MustCompile(`^[a-zA-Z0-9_-]+$`).MatchString if !isValidRefKey(source.Ref) { - return nil, fmt.Errorf("source.ref %s cannot contain any special characters except '_' and '-'", source.Ref) + return nil, fmt.Errorf("sources.ref %s cannot contain any special characters except '_' and '-'", source.Ref) } refKey := "$" + source.Ref if _, ok := refKeys[refKey]; ok { diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go index d44aa7f6134b7..1e883f5e0b8c4 100644 --- a/util/argo/argo_test.go +++ b/util/argo/argo_test.go @@ -1043,14 +1043,14 @@ func Test_GetRefSources(t *testing.T) { repoDB.On("GetRepository", context.Background(), repo.Repo).Return(repo, nil) argoSpec := getMultiSourceAppSpec(argoappv1.ApplicationSources{ - {RepoURL: fmt.Sprintf("file://%s", repoPath), Ref: "source1"}, + {RepoURL: fmt.Sprintf("file://%s", repoPath), Ref: "source-1_2"}, {RepoURL: fmt.Sprintf("file://%s", repoPath)}, }) refSources, err := GetRefSources(context.TODO(), *argoSpec, repoDB) expectedRefSource := argoappv1.RefTargetRevisionMapping{ - "$source1": &argoappv1.RefTarget{ + "$source-1_2": &argoappv1.RefTarget{ Repo: *repo, }, } From e712ab0346257adee7c76e94db344604162390ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Jourdan-Weil?= Date: Tue, 20 Dec 2022 18:51:41 +0100 Subject: [PATCH 221/304] docs: clarify project destination possibilities (#11706) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clarify that it's possible to reference clusters by `cluster` or by `name`. Signed-off-by: Gaël Jourdan-Weil Signed-off-by: Gaël Jourdan-Weil Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> 
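Review bot: `regexp.MustCompile` sits inside the `for _, source := range spec.Sources` loop in GetRefSources, so the pattern is recompiled for every source that has a `Ref`. Since the line is being changed anyway, hoist it to a package-level `var refKeyPattern = regexp.MustCompile("^[a-zA-Z0-9_-]+$")` and test with `refKeyPattern.MatchString(source.Ref)`. The error message would also be safer with `%q` instead of `%s`, because `source.Ref` is user-supplied and has just failed validation. The function continues outside the hunk.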
Signed-off-by: emirot --- docs/operator-manual/project.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/operator-manual/project.yaml b/docs/operator-manual/project.yaml index 60e26466c5d12..20dcfa87ab29c 100644 --- a/docs/operator-manual/project.yaml +++ b/docs/operator-manual/project.yaml @@ -15,9 +15,11 @@ spec: - '*' # Only permit applications to deploy to the guestbook namespace in the same cluster + # Destination clusters can be identified by 'server', 'name', or both. destinations: - namespace: guestbook server: https://kubernetes.default.svc + name: in-cluster # Deny all cluster-scoped resources from being created, except for Namespace clusterResourceWhitelist: From 58ea7046a54a034bf07615d5199861fb3572dac2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 18:17:09 +0000 Subject: [PATCH 222/304] chore(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.6.0 (#11553) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.1...v1.6.0) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- go.mod | 2 +- go.sum | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 276cbd164d8b3..dffbebe76c608 100644 --- a/go.mod +++ b/go.mod 
@@ -18,7 +18,7 @@ require (
 github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect
 github.com/dustin/go-humanize v1.0.0
 github.com/evanphx/json-patch v5.6.0+incompatible
- github.com/fsnotify/fsnotify v1.5.1
+ github.com/fsnotify/fsnotify v1.6.0
 github.com/ghodss/yaml v1.0.0
 github.com/go-git/go-git/v5 v5.4.2
 github.com/go-logr/logr v1.2.3
diff --git a/go.sum b/go.sum
index 99d4e8c35ba8c..dd165c83145ea 100644
--- a/go.sum
+++ b/go.sum
@@ -343,8 +343,8 @@ github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
-github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE=
 github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg=
@@ -1520,6 +1520,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From 4416e38bc61b57e9d8714c673f46e7fe7755b7e5 Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Tue, 20 Dec 2022 14:21:45 -0800 Subject: [PATCH 223/304] chore: get image digest in seperate step (#11778) * chore: get image digest in seperate step Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * Retrigger CI pipeline Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- .github/workflows/image.yaml | 5 ++++- .github/workflows/release.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 897a904cd7763..08697a1bcb003 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml 
@@ -76,9 +76,12 @@ jobs: - name: Install crane to get digest of image uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 - - name: Sign Argo CD latest image + - name: Get digest of image run: | echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:latest)" >> $GITHUB_ENV + + - name: Sign Argo CD latest image + run: | cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd@${{ env.IMAGE_DIGEST }} # Displays the public key to share. cosign public-key --key env://COSIGN_PRIVATE_KEY diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bd5be355b7f19..564eb0f044e76 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -222,9 +222,12 @@ jobs: - name: Install crane to get digest of image uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 + - name: Get digest of image + run: | + echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV + - name: Sign Argo CD container images and assets run: | - echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd@${{ env.IMAGE_DIGEST }} cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig # Retrieves the public key to release as an asset From c825a38ad5ac6b073b945c72c6457ffc70cb5768 Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Wed, 21 Dec 2022 05:13:27 -0800 Subject: [PATCH 224/304] chore: fix lint error (#11788) Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: emirot --- .github/workflows/release.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 564eb0f044e76..8382ee131eed3 100644 
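Review bot: In the new `Get digest of image` step a failing `crane digest` does not fail the step, because the command substitution sits inside `echo` and the shell only sees echo's exit status; `IMAGE_DIGEST` is then written empty and the problem surfaces, if at all, only in the signing step. Assign first so the failure stops the job: `digest="$(crane digest quay.io/argoproj/argocd:latest)"` followed by `echo "IMAGE_DIGEST=${digest}" >> "$GITHUB_ENV"`; the release.yaml hunk has the same pattern with `v${TARGET_VERSION}`. The digest is also resolved from a mutable tag at signing time, so if the push step exposes the digest it pushed (not visible in these hunks), signing that value would tie the signature to the image this run built. In the signing steps, reading `$IMAGE_DIGEST` as a shell variable is preferable to inlining `${{ env.IMAGE_DIGEST }}` into the script text.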
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,7 +12,7 @@ on: - "!release-v0*" env: - GOLANG_VERSION: '1.18' + GOLANG_VERSION: '1.18' permissions: contents: read @@ -222,8 +222,8 @@ jobs: - name: Install crane to get digest of image uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 - - name: Get digest of image - run: | + - name: Get digest of image + run: | echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV - name: Sign Argo CD container images and assets @@ -271,7 +271,7 @@ jobs: SIGS_BOM_VERSION: v0.2.1 # comma delimited list of project relative folders to inspect for package # managers (gomod, yarn, npm). - PROJECT_FOLDERS: ".,./ui" + PROJECT_FOLDERS: ".,./ui" # full qualified name of the docker image to be inspected DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}} run: | From 8e4b6a976669c61076178074d6fc55a20c36bf1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 08:42:42 -0500 Subject: [PATCH 225/304] chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#11792) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.1.0 to 0.3.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.1.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index dffbebe76c608..f7a1894716267 100644 --- a/go.mod +++ b/go.mod 
@@ -75,7 +75,7 @@ require (
 golang.org/x/net v0.1.0 // indirect
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
- golang.org/x/term v0.1.0
+ golang.org/x/term v0.3.0
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90
 google.golang.org/grpc v1.51.0
 google.golang.org/protobuf v1.28.1
@@ -231,7 +231,7 @@ require (
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 golang.org/x/exp v0.0.0-20210901193431-a062eea981d2 // indirect
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
- golang.org/x/sys v0.2.0 // indirect
+ golang.org/x/sys v0.3.0 // indirect
 golang.org/x/text v0.4.0 // indirect
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 golang.org/x/tools v0.1.12 // indirect
diff --git a/go.sum b/go.sum
index dd165c83145ea..b90deaaa9d534 100644
--- a/go.sum
+++ b/go.sum
@@ -1522,12 +1522,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
From 4a8811be69234a00431f8f2cad44ab2248f66ba1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 08:44:14 -0500 Subject: [PATCH 226/304] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.156 to 1.44.164 (#11791) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.156 to 1.44.164. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.156...v1.44.164) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f7a1894716267..eca27228cfeb8 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96 github.com/argoproj/notifications-engine v0.3.1-0.20221203221941-490d98afd1d6 github.com/argoproj/pkg v0.13.7-0.20221115212233-27bd8ce31415 - github.com/aws/aws-sdk-go v1.44.156 + github.com/aws/aws-sdk-go v1.44.164 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 github.com/casbin/casbin/v2 v2.60.0 diff --git a/go.sum b/go.sum index b90deaaa9d534..9f46b062bde1d 100644 --- a/go.sum +++ b/go.sum 
@@ -170,8 +170,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.129/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.156 h1:3RhbBTZ87HoI5OP2JjcKdd5qOnyo9YOAW8+Bb/h0vSE= -github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.164 h1:qDj0RutF2Ut0HZYyUJxFdReLxpYrjupsu2JmDIgCvX8= +github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= From 7c61c321bb47f1e75677f6829eb31c67f2facc4b Mon Sep 17 00:00:00 2001 From: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Date: Wed, 21 Dec 2022 08:44:52 -0500 Subject: [PATCH 227/304] fix: set Path as empty if path is not specified for a source in multiple sources (#11756) (#11774) * set Path as '' if path is not specified for a source in multiple sources Signed-off-by: ishitasequeira * update check for not setting value of path Signed-off-by: ishitasequeira * cleanup Signed-off-by: ishitasequeira * address comments Signed-off-by: ishitasequeira * fix lint Signed-off-by: ishitasequeira * fix lint Signed-off-by: ishitasequeira * Update ui/src/app/shared/components/revision.tsx Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Signed-off-by: ishitasequeira 
Signed-off-by: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- .../components/application-summary/application-summary.tsx | 4 ++-- ui/src/app/shared/components/revision.tsx | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 9ba867183bdb8..9e75c3bb4e78a 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -222,8 +222,8 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { { title: 'PATH', view: ( - - {source.path} + + {source.path ?? ''} ), edit: (formApi: FormApi) => diff --git a/ui/src/app/shared/components/revision.tsx b/ui/src/app/shared/components/revision.tsx index a29fb63467a77..fe9c2046e2c04 100644 --- a/ui/src/app/shared/components/revision.tsx +++ b/ui/src/app/shared/components/revision.tsx @@ -1,7 +1,11 @@ import * as React from 'react'; import {revisionUrl} from './urls'; -export const Revision = ({repoUrl, revision, path, children}: {repoUrl: string; revision: string; path?: string; children?: React.ReactNode}) => { +export const Revision = ({repoUrl, revision, path, isForPath, children}: {repoUrl: string; revision: string; path?: string; isForPath?: boolean; children?: React.ReactNode}) => { + if (isForPath && !path) { + // This source literally has no path, so we won't show one. + return ; + } revision = revision || ''; const hasPath = path && path !== '.'; let url = revisionUrl(repoUrl, revision, hasPath); From 656591049c5ba8d6736c2e3f223a38df753b36fd Mon Sep 17 00:00:00 2001 
From: Chris Reilly Date: Wed, 21 Dec 2022 05:52:10 -0800 Subject: [PATCH 228/304] docs: Update bullet formatting on Progressive Rollouts.md (#11777) The bullet list in the example format was rendering inline in the paragraph on the doc site rather than showing a bulleted list. This also makes the rest of the doc follow the same convention. Signed-off-by: Chris Reilly Signed-off-by: Chris Reilly Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/applicationset/Progressive-Rollouts.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/operator-manual/applicationset/Progressive-Rollouts.md b/docs/operator-manual/applicationset/Progressive-Rollouts.md index b5dec082536f7..aa7d01702102f 100644 --- a/docs/operator-manual/applicationset/Progressive-Rollouts.md +++ b/docs/operator-manual/applicationset/Progressive-Rollouts.md @@ -12,6 +12,7 @@ The Progressive Rollouts feature set is intended to be light and flexible. The f ## Enabling Progressive Rollouts As an experimental feature, progressive rollouts must be explicitly enabled, in one of these ways. + 1. Pass `--enable-progressive-rollouts` to the ApplicationSet controller args. 1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_ROLLOUTS=true` in the ApplicationSet controller environment variables. 1. Set `applicationsetcontroller.enable.progressive.rollouts: true` in the ArgoCD ConfigMap. 
@@ -46,6 +47,7 @@ When the ApplicationSet changes, the changes will be applied to each group of Ap The following example illustrates how to stage a progressive rollout over Applications with explicitly configured environment labels. Once a change is pushed, the following will happen in order. + * All `env-dev` Applications will be updated simultaneously. * The rollout will wait for all `env-qa` Applications to be manually synced via the `argocd` CLI or by clicking the Sync button in the UI. * 10% of all `env-prod` Applications will be updated at a time until all `env-prod` Applications have been updated. From 47800c0ce0e9120cf5844b34ce332daa08594964 Mon Sep 17 00:00:00 2001 From: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:37:24 -0500 Subject: [PATCH 229/304] fix: disable rollback button for apps with multiple sources (#11785) * disble rollback button for apps with multiple sources Signed-off-by: ishitasequeira * fix lint errors Signed-off-by: ishitasequeira * disble rollback button for apps with multiple sources Signed-off-by: ishitasequeira Signed-off-by: ishitasequeira Signed-off-by: emirot --- .../application-details.tsx | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index b6c0d9d13ade7..2865390001424 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -1,4 +1,4 @@ -import {DropDownMenu, NotificationType, SlidingPanel} from 'argo-ui'; +import {DropDownMenu, NotificationType, SlidingPanel, Tooltip} from 'argo-ui'; import * as classNames from 'classnames'; import * as PropTypes from 'prop-types'; import * as React from 'react'; 
@@ -24,7 +24,7 @@ import {ResourceDetails} from '../resource-details/resource-details'; import * as AppUtils from '../utils'; import {ApplicationResourceList} from './application-resource-list'; import {Filters, FiltersProps} from './application-resource-filter'; -import {getAppDefaultSource, urlPattern} from '../utils'; +import {getAppDefaultSource, urlPattern, helpTip} from '../utils'; import {ResourceStatus} from '../../../shared/models'; import {ApplicationsDetailsAppDropdown} from './application-details-app-dropdown'; import {useSidebarTarget} from '../../../sidebar/sidebar'; @@ -613,6 +613,7 @@ export class ApplicationDetails extends React.Component {prop.actionLabel}; + const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; return [ { iconClassName: 'fa fa-info-circle', @@ -638,9 +639,18 @@ export class ApplicationDetails extends React.Component, - action: () => this.setRollbackPanelVisible(0), - disabled: !app.status.operationState + title: hasMultipleSources ? ( + + + {helpTip('Rollback is not supported for apps with multiple sources')} + + ) : ( + + ), + action: () => { + this.setRollbackPanelVisible(0); + }, + disabled: !app.status.operationState || hasMultipleSources }, { iconClassName: 'fa fa-times-circle', From 8b89f40d10f34193c6dad94a7bed1616e4fc9044 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:35:03 -0500 Subject: [PATCH 230/304] ci: enforce semantic PR title (#11779) * ci: enforce semantic PR title Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * concurrency limit Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * remove scopes Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> 
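Review bot: `hasMultipleSources` is computed as `app.spec.sources && app.spec.sources.length > 0`, so it is true for a `sources` list with a single entry and is `undefined` rather than `false` when `sources` is absent; that value is then passed to `disabled`. If any non-empty `sources` list is meant to switch rollback off, state it in a comment such as `// any app that uses spec.sources, even with one entry, cannot be rolled back`, and normalise the value with `const hasMultipleSources = (app.spec.sources || []).length > 0;`. The change only disables the button in the UI; whether the rollback API itself refuses such applications is not visible in this hunk and is worth confirming.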
Signed-off-by: emirot --- .github/workflows/pr-title-check.yml | 38 ++++++++++++++++++++++++++++ .github/workflows/update-snyk.yaml | 2 +- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/pr-title-check.yml diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml new file mode 100644 index 0000000000000..f1e80e237ce44 --- /dev/null +++ b/.github/workflows/pr-title-check.yml @@ -0,0 +1,38 @@ +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +# PR updates can happen in quick succession leading to this +# workflow being trigger a number of times. This limits it +# to one run per PR. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb # v5.0.2 + with: + types: | + feat + fix + docs + test + ci + chore + [Bot] docs + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml index 02c83f6fab78a..3dd74e86f8404 100644 --- a/.github/workflows/update-snyk.yaml +++ b/.github/workflows/update-snyk.yaml @@ -31,6 +31,6 @@ jobs: git config --global user.email 'ci@argoproj.com' git config --global user.name 'CI' git add docs/snyk - git commit -m "[Bot] Update Snyk reports" --signoff + git commit -m "[Bot] docs: Update Snyk reports" --signoff git push --set-upstream origin "$pr_branch" gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body '' From 934c1d2828c4f99d73cace4435c13d3ed7cb4608 Mon Sep 17 00:00:00 2001 
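Review bot: The concurrency group in pr-title-check.yml is keyed on `github.ref`, which for a `pull_request_target` event is the base branch rather than the pull request, so every PR against the same branch lands in one group and the comment "one run per PR" does not hold. Without `cancel-in-progress`, a queued title check for one PR can be displaced by a newer run for a different PR and never report its status. Key the group on the PR instead: `group: ${{ github.workflow }}-${{ github.event.pull_request.number }}`. The job-level `pull-requests: read` / `statuses: write` scoping and the absence of a checkout of PR code are what keep `pull_request_target` safe here, and a short comment saying so would help the next editor of this workflow keep it that way.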
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 22 Dec 2022 13:28:53 -0500 Subject: [PATCH 231/304] fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * reorganize Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix reference Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * move things around, fix stuff maybe Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tests Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- .../v1alpha1/applicationset_types.go | 5 ++ pkg/apis/application/v1alpha1/types.go | 7 +-- server/application/application.go | 11 ++-- server/application/terminal.go | 28 +++++++-- server/application/terminal_test.go | 23 +++++-- server/applicationset/applicationset.go | 15 +++-- server/server.go | 2 +- .../pod-terminal-viewer.tsx | 13 +++- .../resource-details/resource-details.tsx | 1 + util/appset/appset.go | 12 ---- util/rbac/rbac.go | 2 +- util/security/application_namespaces.go | 15 +++++ util/security/application_namespaces_test.go | 62 +++++++++++++++++++ util/security/rbac.go | 14 +++++ util/security/rbac_test.go | 52 ++++++++++++++++ 15 files changed, 215 insertions(+), 47 deletions(-) delete mode 100644 util/appset/appset.go create mode 100644 util/security/application_namespaces.go create mode 100644 util/security/application_namespaces_test.go create mode 100644 util/security/rbac.go create mode 100644 util/security/rbac_test.go diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index a6c7998bc16f7..3ba2e51ede047 100644 
--- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -47,6 +47,11 @@ type ApplicationSet struct { Status ApplicationSetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` } +// RBACName formats fully qualified application name for RBAC check. +func (a *ApplicationSet) RBACName() string { + return fmt.Sprintf("%s/%s", a.Spec.Template.Spec.GetProject(), a.ObjectMeta.Name) +} + // ApplicationSetSpec represents a class of application set state. type ApplicationSetSpec struct { GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 79063da09f920..3aada49a29022 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -35,6 +35,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/collections" "github.com/argoproj/argo-cd/v2/util/helm" + "github.com/argoproj/argo-cd/v2/util/security" ) // Application is a definition of Application resource. @@ -2695,9 +2696,5 @@ func (a *Application) QualifiedName() string { // RBACName returns the full qualified RBAC resource name for the application // in a backwards-compatible way. func (a *Application) RBACName(defaultNS string) string { - if defaultNS != "" && a.Namespace != defaultNS && a.Namespace != "" { - return fmt.Sprintf("%s/%s/%s", a.Spec.GetProject(), a.Namespace, a.Name) - } else { - return fmt.Sprintf("%s/%s", a.Spec.GetProject(), a.Name) - } + return security.AppRBACName(defaultNS, a.Spec.GetProject(), a.Namespace, a.Name) } diff --git a/server/application/application.go b/server/application/application.go index 5a06315811e52..090ce5f8219b1 100644 --- a/server/application/application.go +++ b/server/application/application.go 
@@ -54,6 +54,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/lua" "github.com/argoproj/argo-cd/v2/util/manifeststream" "github.com/argoproj/argo-cd/v2/util/rbac" + "github.com/argoproj/argo-cd/v2/util/security" "github.com/argoproj/argo-cd/v2/util/session" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -210,7 +211,7 @@ func (s *Server) Create(ctx context.Context, q *application.ApplicationCreateReq appNs := s.appNamespaceOrDefault(a.Namespace) if !s.isNamespaceEnabled(appNs) { - return nil, namespaceNotPermittedError(appNs) + return nil, security.NamespaceNotPermittedError(appNs) } created, err := s.appclientset.ArgoprojV1alpha1().Applications(appNs).Create(ctx, a, metav1.CreateOptions{}) @@ -343,7 +344,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan } if !s.isNamespaceEnabled(a.Namespace) { - return nil, namespaceNotPermittedError(a.Namespace) + return nil, security.NamespaceNotPermittedError(a.Namespace) } var manifestInfo *apiclient.ManifestResponse @@ -2350,9 +2351,5 @@ func (s *Server) appNamespaceOrDefault(appNs string) string { } func (s *Server) isNamespaceEnabled(namespace string) bool { - return namespace == s.ns || glob.MatchStringInList(s.enabledNamespaces, namespace, false) -} - -func namespaceNotPermittedError(namespace string) error { - return fmt.Errorf("namespace '%s' is not permitted", namespace) + return security.IsNamespaceEnabled(namespace, s.ns, s.enabledNamespaces) } diff --git a/server/application/terminal.go b/server/application/terminal.go index 4644facee8880..b23d718b5d20e 100644 --- a/server/application/terminal.go +++ b/server/application/terminal.go @@ -2,7 +2,6 @@ package application import ( "context" - "fmt" "io" "net/http" @@ -24,6 +23,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/rbac" + "github.com/argoproj/argo-cd/v2/util/security" sessionmgr "github.com/argoproj/argo-cd/v2/util/session" ) 
@@ -35,10 +35,11 @@ type terminalHandler struct { appResourceTreeFn func(ctx context.Context, app *appv1.Application) (*appv1.ApplicationTree, error) allowedShells []string namespace string + enabledNamespaces []string } // NewHandler returns a new terminal handler. -func NewHandler(appLister applisters.ApplicationLister, namespace string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, +func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, appResourceTree AppResourceTreeFn, allowedShells []string) *terminalHandler { return &terminalHandler{ appLister: appLister, @@ -107,6 +108,8 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } + appNamespace := q.Get("appNamespace") + if !isValidPodName(podName) { http.Error(w, "Pod name is not valid", http.StatusBadRequest) return @@ -127,11 +130,26 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { http.Error(w, "Namespace name is not valid", http.StatusBadRequest) return } + if !isValidNamespaceName(appNamespace) { + http.Error(w, "App namespace name is not valid", http.StatusBadRequest) + return + } + + ns := appNamespace + if ns == "" { + ns = s.namespace + } + + if !security.IsNamespaceEnabled(ns, s.namespace, s.enabledNamespaces) { + http.Error(w, security.NamespaceNotPermittedError(ns).Error(), http.StatusForbidden) + return + } + shell := q.Get("shell") // No need to validate. Will only be used if it's in the allow-list. ctx := r.Context() - appRBACName := fmt.Sprintf("%s/%s", project, app) + appRBACName := security.AppRBACName(s.namespace, project, appNamespace, app) if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, appRBACName); err != nil { http.Error(w, err.Error(), http.StatusUnauthorized) return 
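Review bot: The new `enabledNamespaces` parameter of `NewHandler` is not visibly stored on the handler: the struct literal begins in this hunk at `appLister: appLister,` and continues outside it, and none of the later terminal.go hunks touch the rest of the literal. If the field stays nil, the `security.IsNamespaceEnabled(ns, s.namespace, s.enabledNamespaces)` check added to `ServeHTTP` would presumably accept only the control-plane namespace, so the terminal would still be refused for applications elsewhere; that fails closed, but the fix would not take effect. Add `enabledNamespaces: enabledNamespaces,` to the literal. The new `TestTerminalHandler_ServeHTTP_disallowed_namespace` builds `terminalHandler{...}` directly, so a test that constructs the handler through `NewHandler` is needed to cover this.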
@@ -143,9 +161,9 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } fieldLog := log.WithFields(log.Fields{"application": app, "userName": sessionmgr.Username(ctx), "container": container, - "podName": podName, "namespace": namespace, "cluster": project}) + "podName": podName, "namespace": namespace, "project": project, "appNamespace": appNamespace}) - a, err := s.appLister.Applications(s.namespace).Get(app) + a, err := s.appLister.Applications(ns).Get(app) if err != nil { if apierr.IsNotFound(err) { http.Error(w, "App not found", http.StatusNotFound) diff --git a/server/application/terminal_test.go b/server/application/terminal_test.go index 778dec4138453..4e7a2652521bc 100644 --- a/server/application/terminal_test.go +++ b/server/application/terminal_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/assert" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/security" ) func TestPodExists(t *testing.T) { 
@@ -195,24 +196,24 @@ func TestTerminalHandler_ServeHTTP_empty_params(t *testing.T) { for _, testValue := range testValues { testValueCopy := testValue - t.Run(testKeyCopy+ " " + testValueCopy, func(t *testing.T) { + t.Run(testKeyCopy+" "+testValueCopy, func(t *testing.T) { t.Parallel() handler := terminalHandler{} params := map[string]string{ - "pod": "valid", + "pod": "valid", "container": "valid", - "app": "valid", - "project": "valid", + "app": "valid", + "project": "valid", "namespace": "valid", } params[testKeyCopy] = testValueCopy var paramsArray []string for key, value := range params { - paramsArray = append(paramsArray, key + "=" + value) + paramsArray = append(paramsArray, key+"="+value) } paramsString := strings.Join(paramsArray, "&") - request := httptest.NewRequest("GET", "https://argocd.example.com/api/v1/terminal?" + paramsString, nil) + request := httptest.NewRequest("GET", "https://argocd.example.com/api/v1/terminal?"+paramsString, nil) recorder := httptest.NewRecorder() handler.ServeHTTP(recorder, request) response := recorder.Result() @@ -221,3 +222,13 @@ func TestTerminalHandler_ServeHTTP_empty_params(t *testing.T) { } } } + +func TestTerminalHandler_ServeHTTP_disallowed_namespace(t *testing.T) { + handler := terminalHandler{namespace: "argocd", enabledNamespaces: []string{"allowed"}} + request := httptest.NewRequest("GET", "https://argocd.example.com/api/v1/terminal?pod=valid&container=valid&appName=valid&projectName=valid&namespace=test&appNamespace=disallowed", nil) + recorder := httptest.NewRecorder() + handler.ServeHTTP(recorder, request) + response := recorder.Result() + assert.Equal(t, http.StatusForbidden, response.StatusCode) + assert.Equal(t, security.NamespaceNotPermittedError("disallowed").Error()+"\n", recorder.Body.String()) +} diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index d7844e41b23e2..44ae512d5f1c7 100644 --- a/server/applicationset/applicationset.go 
+++ b/server/applicationset/applicationset.go @@ -27,7 +27,6 @@ import ( applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" servercache "github.com/argoproj/argo-cd/v2/server/cache" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" - apputil "github.com/argoproj/argo-cd/v2/util/appset" "github.com/argoproj/argo-cd/v2/util/argo" argoutil "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" @@ -89,7 +88,7 @@ func (s *Server) Get(ctx context.Context, q *applicationset.ApplicationSetGetQue if err != nil { return nil, fmt.Errorf("error getting ApplicationSet: %w", err) } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, apputil.AppSetRBACName(a)); err != nil { + if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName()); err != nil { return nil, err } @@ -111,7 +110,7 @@ func (s *Server) List(ctx context.Context, q *applicationset.ApplicationSetListQ newItems := make([]v1alpha1.ApplicationSet, 0) for _, a := range appsetList.Items { - if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, apputil.AppSetRBACName(&a)) { + if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName()) { newItems = append(newItems, a) } } 
@@ -182,7 +181,7 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre if !q.Upsert { return nil, status.Errorf(codes.InvalidArgument, "existing ApplicationSet spec is different, use upsert flag to force update") } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, apputil.AppSetRBACName(appset)); err != nil { + if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName()); err != nil { return nil, err } updated, err := s.updateAppSet(existing, appset, ctx, true) @@ -210,11 +209,11 @@ func (s *Server) updateAppSet(appset *v1alpha1.ApplicationSet, newAppset *v1alph if appset != nil && appset.Spec.Template.Spec.Project != newAppset.Spec.Template.Spec.Project { // When changing projects, caller must have applicationset create and update privileges in new project // NOTE: the update check was already verified in the caller to this function - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, apputil.AppSetRBACName(newAppset)); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, newAppset.RBACName()); err != nil { return nil, err } // They also need 'update' privileges in the old project - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, apputil.AppSetRBACName(appset)); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionUpdate, appset.RBACName()); err != nil { return nil, err } } 
@@ -254,7 +253,7 @@ func (s *Server) Delete(ctx context.Context, q *applicationset.ApplicationSetDel return nil, fmt.Errorf("error getting ApplicationSets: %w", err) } - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionDelete, apputil.AppSetRBACName(appset)); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionDelete, appset.RBACName()); err != nil { return nil, err } @@ -290,7 +289,7 @@ func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.Applicatio func (s *Server) checkCreatePermissions(ctx context.Context, appset *v1alpha1.ApplicationSet, projectName string) error { - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, apputil.AppSetRBACName(appset)); err != nil { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionCreate, appset.RBACName()); err != nil { return err } diff --git a/server/server.go b/server/server.go index ab5b3a6cff12a..6853754709922 100644 --- a/server/server.go +++ b/server/server.go @@ -906,7 +906,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl } mux.Handle("/api/", handler) - terminalHandler := application.NewHandler(a.appLister, a.Namespace, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells) + terminalHandler := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells) mux.HandleFunc("/terminal", func(writer http.ResponseWriter, request *http.Request) { argocdSettings, err := a.settingsMgr.GetSettings() if err != nil { diff --git a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx index 60aa775497fd6..62080741c249f 100644 
--- a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx +++ b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx @@ -11,6 +11,7 @@ import {Context} from '../../../shared/context'; import {ErrorNotification, NotificationType} from 'argo-ui'; export interface PodTerminalViewerProps { applicationName: string; + applicationNamespace: string; projectName: string; selectedNode: models.ResourceNode; podState: models.State; @@ -24,7 +25,15 @@ export interface ShellFrame { cols?: number; } -export const PodTerminalViewer: React.FC = ({selectedNode, applicationName, projectName, podState, containerName, onClickContainer}) => { +export const PodTerminalViewer: React.FC = ({ + selectedNode, + applicationName, + applicationNamespace, + projectName, + podState, + containerName, + onClickContainer +}) => { const terminalRef = React.useRef(null); const appContext = React.useContext(Context); // used to show toast const fitAddon = new FitAddon(); @@ -145,7 +154,7 @@ export const PodTerminalViewer: React.FC = ({selectedNod webSocket = new WebSocket( `${ location.protocol === 'https:' ? 'wss' : 'ws' - }://${url}/terminal?pod=${name}&container=${containerName}&appName=${applicationName}&projectName=${projectName}&namespace=${namespace}` + }://${url}/terminal?pod=${name}&container=${containerName}&appName=${applicationName}&appNamespace=${applicationNamespace}&projectName=${projectName}&namespace=${namespace}` ); webSocket.onopen = onConnectionOpen; webSocket.onclose = onConnectionClose; diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index 2fd8b76e71b06..8f8500e20268b 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx +++ b/ui/src/app/applications/components/resource-details/resource-details.tsx 
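Review bot: The added `appNamespace=${applicationNamespace}` is interpolated into the WebSocket URL without encoding, like the parameters around it in the `new WebSocket(...)` call. A missing prop value would be sent as the literal text `undefined`, which the server would presumably treat as a namespace name, not as an absent parameter. Build the query with `encodeURIComponent(applicationNamespace || '')` or with `URLSearchParams`, so that an empty value reaches the handler's fallback to its own namespace. The component body starts and ends outside this hunk.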
@@ -129,6 +129,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { content: ( Date: Thu, 22 Dec 2022 13:38:26 -0500 Subject: [PATCH 232/304] chore(deps): bump actions/cache from 3.0.11 to 3.2.0 (#11809) Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7...c17f4bf4666a8001b1a45c09eb7a485c41aa64c3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: emirot --- .github/workflows/ci-build.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8b5a42c95acb7..bff7a8b97dd93 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -51,7 +51,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -116,7 +116,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} 
@@ -179,7 +179,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -257,7 +257,7 @@ jobs: node-version: '12.18.4' - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -292,7 +292,7 @@ jobs: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -386,7 +386,7 @@ jobs: sudo chown runner $HOME/.kube/config kubectl version - name: Restore go build cache - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 + uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} From a777fdc474f5058fca445413627a5eb02d8e4e68 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:33:08 +0000 Subject: [PATCH 233/304] [Bot] docs: Update Snyk reports (#11865) Signed-off-by: CI Signed-off-by: CI Co-authored-by: CI 
Signed-off-by: emirot --- docs/snyk/index.md | 23 +- docs/snyk/master/argocd-iac-install.html | 48 +- .../master/argocd-iac-namespace-install.html | 48 +- docs/snyk/master/argocd-test.html | 316 +- .../master/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/master/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_latest.html | 144 +- docs/snyk/master/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.3.12/argocd-iac-install.html | 2 +- .../v2.3.12/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.3.12/argocd-test.html | 2 +- .../v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html | 2 +- ...argoproj_argocd-applicationset_v0.4.1.html | 14 +- .../quay.io_argoproj_argocd_v2.3.12.html | 144 +- docs/snyk/v2.3.12/redis_6.2.7-alpine.html | 2 +- docs/snyk/v2.4.18/argocd-iac-install.html | 2 +- .../v2.4.18/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.4.18/argocd-test.html | 2 +- .../v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.4.18.html | 144 +- docs/snyk/v2.4.18/redis_7.0.4-alpine.html | 2 +- docs/snyk/v2.5.5/argocd-iac-install.html | 2 +- .../v2.5.5/argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.5.5/argocd-test.html | 2 +- .../v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html | 2 +- docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html | 2 +- .../quay.io_argoproj_argocd_v2.5.5.html | 144 +- docs/snyk/v2.5.5/redis_7.0.5-alpine.html | 2 +- docs/snyk/v2.6.0-rc1/argocd-iac-install.html | 2231 +++++++++++++ .../argocd-iac-namespace-install.html | 2231 +++++++++++++ docs/snyk/v2.6.0-rc1/argocd-test.html | 2747 +++++++++++++++++ .../ghcr.io_dexidp_dex_v2.35.3.html | 492 +++ .../snyk/v2.6.0-rc1/haproxy_2.6.2-alpine.html | 492 +++ .../quay.io_argoproj_argocd_v2.6.0-rc1.html | 2559 +++++++++++++++ docs/snyk/v2.6.0-rc1/redis_7.0.5-alpine.html | 492 +++ 37 files changed, 11909 insertions(+), 402 deletions(-) create mode 100644 
docs/snyk/v2.6.0-rc1/argocd-iac-install.html create mode 100644 docs/snyk/v2.6.0-rc1/argocd-iac-namespace-install.html create mode 100644 docs/snyk/v2.6.0-rc1/argocd-test.html create mode 100644 docs/snyk/v2.6.0-rc1/ghcr.io_dexidp_dex_v2.35.3.html create mode 100644 docs/snyk/v2.6.0-rc1/haproxy_2.6.2-alpine.html create mode 100644 docs/snyk/v2.6.0-rc1/quay.io_argoproj_argocd_v2.6.0-rc1.html create mode 100644 docs/snyk/v2.6.0-rc1/redis_7.0.5-alpine.html diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 8ebad6e8d1113..864a3c3a44372 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md 
@@ -14,14 +14,27 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 3 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | | [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 13 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 13 | | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | +### v2.6.0-rc1 + +| | Critical | High | Medium | Low | +|---:|:--------:|:----:|:------:|:---:| +| [go.mod](v2.6.0-rc1/argocd-test.html) | 0 | 0 | 1 | 0 | +| [ui/yarn.lock](v2.6.0-rc1/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.35.3](v2.6.0-rc1/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | +| [haproxy:2.6.2-alpine](v2.6.0-rc1/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.6.0-rc1](v2.6.0-rc1/quay.io_argoproj_argocd_v2.6.0-rc1.html) | 0 | 0 | 4 | 13 | +| [redis:7.0.5-alpine](v2.6.0-rc1/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.0-rc1/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.0-rc1/argocd-iac-namespace-install.html) | - | - | - | - | + ### v2.5.5 | | Critical | High | Medium | Low | 
@@ -30,7 +43,7 @@ recent minor releases. | [ui/yarn.lock](v2.5.5/argocd-test.html) | 0 | 1 | 3 | 0 | | [dex:v2.35.3](v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | | [haproxy:2.6.2-alpine](v2.5.5/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.5](v2.5.5/quay.io_argoproj_argocd_v2.5.5.html) | 0 | 0 | 2 | 13 | +| [argocd:v2.5.5](v2.5.5/quay.io_argoproj_argocd_v2.5.5.html) | 0 | 0 | 4 | 13 | | [redis:7.0.5-alpine](v2.5.5/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.5.5/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.5.5/argocd-iac-namespace-install.html) | - | - | - | - | @@ -43,7 +56,7 @@ recent minor releases. | [ui/yarn.lock](v2.4.18/argocd-test.html) | 0 | 1 | 3 | 0 | | [dex:v2.35.3](v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.4.18/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.18](v2.4.18/quay.io_argoproj_argocd_v2.4.18.html) | 0 | 0 | 2 | 13 | +| [argocd:v2.4.18](v2.4.18/quay.io_argoproj_argocd_v2.4.18.html) | 0 | 0 | 4 | 13 | | [redis:7.0.4-alpine](v2.4.18/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.4.18/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.4.18/argocd-iac-namespace-install.html) | - | - | - | - | 
@@ -57,7 +70,7 @@ recent minor releases. | [dex:v2.35.3](v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 | | [haproxy:2.0.29-alpine](v2.3.12/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 | | [argocd-applicationset:v0.4.1](v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 | -| [argocd:v2.3.12](v2.3.12/quay.io_argoproj_argocd_v2.3.12.html) | 0 | 0 | 2 | 13 | +| [argocd:v2.3.12](v2.3.12/quay.io_argoproj_argocd_v2.3.12.html) | 0 | 0 | 4 | 13 | | [redis:6.2.7-alpine](v2.3.12/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](v2.3.12/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.3.12/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 64dcb9d74814a..79078bdccf89e 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:16:18 am

    +

    January 1st 2023, 12:18:15 am

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 16343 + Line number: 16349
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 15979 + Line number: 15985
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 15945 + Line number: 15951
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 16035 + Line number: 16041
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 16109 + Line number: 16115
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 16343 + Line number: 16349
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 16165 + Line number: 16171
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 16428 + Line number: 16434
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 16732 + Line number: 16738
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 15959 + Line number: 15965
  • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 16119 + Line number: 16125
  • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 15945 + Line number: 15951
  • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 15979 + Line number: 15985
  • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 16109 + Line number: 16115
  • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 16343 + Line number: 16349
  • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 15945 + Line number: 15951
  • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 15979 + Line number: 15985
  • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 16035 + Line number: 16041
  • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 16109 + Line number: 16115
  • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 16343 + Line number: 16349
  • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 16165 + Line number: 16171
  • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 16428 + Line number: 16434
  • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 16732 + Line number: 16738
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 56e020c6e7705..8dff249ec9858 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:16:27 am

    +

    January 1st 2023, 12:18:24 am

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1147 + Line number: 1153
  • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 783 + Line number: 789
  • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 749 + Line number: 755
  • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 839 + Line number: 845
  • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 913 + Line number: 919
  • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1147 + Line number: 1153
  • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 969 + Line number: 975
  • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1232 + Line number: 1238
  • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1536 + Line number: 1542
  • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 763 + Line number: 769
  • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 923 + Line number: 929
  • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 749 + Line number: 755
  • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 783 + Line number: 789
  • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 913 + Line number: 919
  • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 1147 + Line number: 1153
  • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 749 + Line number: 755
  • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 783 + Line number: 789
  • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 839 + Line number: 845
  • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 913 + Line number: 919
  • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 1147 + Line number: 1153
  • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 969 + Line number: 975
  • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 1232 + Line number: 1238
  • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 1536 + Line number: 1542
  • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 3c7659dcb6be6..b07f14b6aed42 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:14:08 am

    +

    January 1st 2023, 12:16:15 am

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    5 known vulnerabilities
    -
    120 vulnerable dependency paths
    -
    1738 dependencies
    +
    2 known vulnerabilities
    +
    117 vulnerable dependency paths
    +
    1729 dependencies
    @@ -559,312 +559,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    -
    import parseUrl from "parse-url";
    -        import fetch from 'node-fetch';
    -        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
    -        if(parsed.resource=="localhost"){
    -        console.log("internal network access is blocked")
    -        }
    -        else{
    -           const response = await fetch('http://'+parsed.resource+parsed.pathname);
    -                console.log(response)
    -         }
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - parse-url -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too.

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    -
    
    -        const parseUrl = require("parse-url");
    -        const Url = require("url");
    -        
    -        const express = require('express');
    -        const app = express();
    -        
    -        var url = "https://www.google.com:x@fakesite.com:x";
    -        parsed = parseUrl(url);
    -        console.log("[*]`parse-url` output: ")
    -        console.log(parsed);
    -        
    -        parsed2 = Url.parse(url);
    -        console.log("[*]`url` output: ")
    -        console.log(parsed2)
    -        
    -        app.get('/', (req, res) => {
    -            if (parsed.host == "www.google.com") {
    -                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
    -            }
    -        })
    -        
    -        app.listen(8888,"0.0.0.0");
    -        
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
    • -
    • - Vulnerable module: - - minimatch -
    • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility.

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    -
    regex = /A(B|C+)+D/
    -        
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
    • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
    • D Finally, we ensure this section of the string ends with a 'D'
    • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    -
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    -        0.04s user 0.01s system 95% cpu 0.052 total
    -        
    -        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    -        1.79s user 0.02s system 99% cpu 1.812 total
    -        
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
    2. -
    3. CC+C
    4. -
    5. C+CC
    6. -
    7. C+C+C.
    8. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    -
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.4/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.5.5/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - - -

    Denial of Service (DoS)

    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
    index 0aa0589ba7fc4..e6b1e560e65e9 100644
    --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
    +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:14:17 am

    +

    January 1st 2023, 12:16:21 am

    Scanned the following path:
    diff --git a/docs/snyk/master/haproxy_2.6.2-alpine.html b/docs/snyk/master/haproxy_2.6.2-alpine.html
    index f3dd5b08945c9..70df7d67c76c5 100644
    --- a/docs/snyk/master/haproxy_2.6.2-alpine.html
    +++ b/docs/snyk/master/haproxy_2.6.2-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:14:22 am

    +

    January 1st 2023, 12:16:25 am

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index b47b792e50970..90cbeae12cd8b 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:14:47 am

    +

    January 1st 2023, 12:16:48 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    91 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    93 vulnerable dependency paths
    162 dependencies
    @@ -725,6 +725,142 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-43552

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43551

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package.

    +

    A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + +

    Uncontrolled Recursion

    diff --git a/docs/snyk/master/redis_7.0.5-alpine.html b/docs/snyk/master/redis_7.0.5-alpine.html
    index c3986886461bb..cf910387f3364 100644
    --- a/docs/snyk/master/redis_7.0.5-alpine.html
    +++ b/docs/snyk/master/redis_7.0.5-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:14:52 am

    +

    January 1st 2023, 12:16:53 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.3.12/argocd-iac-install.html b/docs/snyk/v2.3.12/argocd-iac-install.html
    index 316c2647684ef..c185be71146b5 100644
    --- a/docs/snyk/v2.3.12/argocd-iac-install.html
    +++ b/docs/snyk/v2.3.12/argocd-iac-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:21:52 am

    +

    January 1st 2023, 12:25:48 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.3.12/argocd-iac-namespace-install.html b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html
    index d54d77e3fdf3c..1b69dbeef1580 100644
    --- a/docs/snyk/v2.3.12/argocd-iac-namespace-install.html
    +++ b/docs/snyk/v2.3.12/argocd-iac-namespace-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:22:24 am

    +

    January 1st 2023, 12:26:19 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.3.12/argocd-test.html b/docs/snyk/v2.3.12/argocd-test.html
    index 8788a0dae4c10..61c5f6f175b5c 100644
    --- a/docs/snyk/v2.3.12/argocd-test.html
    +++ b/docs/snyk/v2.3.12/argocd-test.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:20:14 am

    +

    January 1st 2023, 12:24:11 am

    Scanned the following paths:
    diff --git a/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html
    index 1c86fbb61739d..15412c600c9cf 100644
    --- a/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html
    +++ b/docs/snyk/v2.3.12/ghcr.io_dexidp_dex_v2.35.3.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:20:18 am

    +

    January 1st 2023, 12:24:15 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html
    index ff8eb9d95a11e..7b284680014d6 100644
    --- a/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html
    +++ b/docs/snyk/v2.3.12/haproxy_2.0.29-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:20:20 am

    +

    January 1st 2023, 12:24:17 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html
    index b6f65989340c4..1ae897644aed8 100644
    --- a/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html
    +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd-applicationset_v0.4.1.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:20:34 am

    +

    January 1st 2023, 12:24:29 am

    Scanned the following path: @@ -4746,6 +4746,7 @@

    References

  • CONFIRM
  • DEBIAN
  • MLIST
  • +
  • GENTOO

  • @@ -4817,6 +4818,7 @@

    References

  • MISC
  • CONFIRM
  • DEBIAN
  • +
  • GENTOO

  • @@ -4889,6 +4891,7 @@

    References

  • CONFIRM
  • DEBIAN
  • MLIST
  • +
  • GENTOO

  • @@ -4964,6 +4967,8 @@

    References

  • CONFIRM
  • CONFIRM
  • FULLDISC
  • +
  • FULLDISC
  • +
  • GENTOO

  • @@ -5038,6 +5043,8 @@

    References

  • CONFIRM
  • CONFIRM
  • FULLDISC
  • +
  • FULLDISC
  • +
  • GENTOO

  • @@ -5115,6 +5122,7 @@

    References

  • FULLDISC
  • FULLDISC
  • CONFIRM
  • +
  • GENTOO

  • @@ -5191,6 +5199,7 @@

    References

  • FULLDISC
  • FULLDISC
  • CONFIRM
  • +
  • GENTOO

  • @@ -7639,6 +7648,7 @@

    References

  • MISC
  • CONFIRM
  • DEBIAN
  • +
  • GENTOO

  • @@ -7713,6 +7723,7 @@

    References

  • MLIST
  • FEDORA
  • FEDORA
  • +
  • GENTOO

  • @@ -7785,6 +7796,7 @@

    References

  • CONFIRM
  • DEBIAN
  • MLIST
  • +
  • GENTOO

  • diff --git a/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html index b3c56db90a0f6..90a025671a121 100644 --- a/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html +++ b/docs/snyk/v2.3.12/quay.io_argoproj_argocd_v2.3.12.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:21:00 am

    +

    January 1st 2023, 12:24:55 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    91 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    93 vulnerable dependency paths
    162 dependencies
    @@ -725,6 +725,142 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-43552

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.12, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43551

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.3.12, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.3.12 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package.

    +

    A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + +

    Uncontrolled Recursion

    diff --git a/docs/snyk/v2.3.12/redis_6.2.7-alpine.html b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html
    index a9e65651135ff..7d25c3c4cd9f4 100644
    --- a/docs/snyk/v2.3.12/redis_6.2.7-alpine.html
    +++ b/docs/snyk/v2.3.12/redis_6.2.7-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:21:05 am

    +

    January 1st 2023, 12:24:59 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.4.18/argocd-iac-install.html b/docs/snyk/v2.4.18/argocd-iac-install.html
    index 11d8bde709476..ecba25d06164e 100644
    --- a/docs/snyk/v2.4.18/argocd-iac-install.html
    +++ b/docs/snyk/v2.4.18/argocd-iac-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:19:52 am

    +

    January 1st 2023, 12:23:51 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.4.18/argocd-iac-namespace-install.html b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html
    index 0def5f8de9ac6..95265ea2a613d 100644
    --- a/docs/snyk/v2.4.18/argocd-iac-namespace-install.html
    +++ b/docs/snyk/v2.4.18/argocd-iac-namespace-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:20:00 am

    +

    January 1st 2023, 12:23:58 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.4.18/argocd-test.html b/docs/snyk/v2.4.18/argocd-test.html
    index bb378bd29f787..a71b87a583128 100644
    --- a/docs/snyk/v2.4.18/argocd-test.html
    +++ b/docs/snyk/v2.4.18/argocd-test.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:34 am

    +

    January 1st 2023, 12:22:34 am

    Scanned the following paths:
    diff --git a/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html
    index d98e4c41affab..362ba2bd3d4ed 100644
    --- a/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html
    +++ b/docs/snyk/v2.4.18/ghcr.io_dexidp_dex_v2.35.3.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:38 am

    +

    January 1st 2023, 12:22:40 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html
    index 94f74f00ee43a..fbdd39e837326 100644
    --- a/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html
    +++ b/docs/snyk/v2.4.18/haproxy_2.0.29-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:42 am

    +

    January 1st 2023, 12:22:43 am

    Scanned the following path: diff --git a/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html index c86c3f6e4e9af..a4b91a9ba4ca2 100644 --- a/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html +++ b/docs/snyk/v2.4.18/quay.io_argoproj_argocd_v2.4.18.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:59 am

    +

    January 1st 2023, 12:22:59 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    91 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    93 vulnerable dependency paths
    162 dependencies
    @@ -725,6 +725,142 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-43552

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.18, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43551

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.4.18, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.4.18 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package.

    +

    A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + +

    Uncontrolled Recursion

    diff --git a/docs/snyk/v2.4.18/redis_7.0.4-alpine.html b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html
    index 44b1da159aea2..37c3418ae567d 100644
    --- a/docs/snyk/v2.4.18/redis_7.0.4-alpine.html
    +++ b/docs/snyk/v2.4.18/redis_7.0.4-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:19:04 am

    +

    January 1st 2023, 12:23:03 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.5.5/argocd-iac-install.html b/docs/snyk/v2.5.5/argocd-iac-install.html
    index 623ba2062b78b..806f190e167e2 100644
    --- a/docs/snyk/v2.5.5/argocd-iac-install.html
    +++ b/docs/snyk/v2.5.5/argocd-iac-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:08 am

    +

    January 1st 2023, 12:22:09 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.5.5/argocd-iac-namespace-install.html b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html
    index 9469235487314..66ff26429c82e 100644
    --- a/docs/snyk/v2.5.5/argocd-iac-namespace-install.html
    +++ b/docs/snyk/v2.5.5/argocd-iac-namespace-install.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:18:17 am

    +

    January 1st 2023, 12:22:17 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.5.5/argocd-test.html b/docs/snyk/v2.5.5/argocd-test.html
    index 722c5ed72620e..466d781170cff 100644
    --- a/docs/snyk/v2.5.5/argocd-test.html
    +++ b/docs/snyk/v2.5.5/argocd-test.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:16:48 am

    +

    January 1st 2023, 12:20:52 am

    Scanned the following paths:
    diff --git a/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html
    index 0c5ecc9b9c877..c759c41f6fc63 100644
    --- a/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html
    +++ b/docs/snyk/v2.5.5/ghcr.io_dexidp_dex_v2.35.3.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:16:55 am

    +

    January 1st 2023, 12:20:56 am

    Scanned the following path:
    diff --git a/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html
    index 7506b5be60880..40443e3f914ba 100644
    --- a/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html
    +++ b/docs/snyk/v2.5.5/haproxy_2.6.2-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:16:57 am

    +

    January 1st 2023, 12:20:58 am

    Scanned the following path: diff --git a/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html index 3edf96ad85082..fbcdad887bd24 100644 --- a/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html +++ b/docs/snyk/v2.5.5/quay.io_argoproj_argocd_v2.5.5.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:17:14 am

    +

    January 1st 2023, 12:21:14 am

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    91 vulnerable dependency paths
    +
    17 known vulnerabilities
    +
    93 vulnerable dependency paths
    162 dependencies
    @@ -725,6 +725,142 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2022-43552

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.5, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43551

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.5, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.5 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package.

    +

    A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + +

    Uncontrolled Recursion

    diff --git a/docs/snyk/v2.5.5/redis_7.0.5-alpine.html b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html
    index 70b01528eedfb..3e85c4ed31b2e 100644
    --- a/docs/snyk/v2.5.5/redis_7.0.5-alpine.html
    +++ b/docs/snyk/v2.5.5/redis_7.0.5-alpine.html
    @@ -456,7 +456,7 @@

    Snyk test report

    -

    December 18th 2022, 12:17:16 am

    +

    January 1st 2023, 12:21:17 am

    Scanned the following path: diff --git a/docs/snyk/v2.6.0-rc1/argocd-iac-install.html b/docs/snyk/v2.6.0-rc1/argocd-iac-install.html new file mode 100644 index 0000000000000..aa587038033b1 --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/argocd-iac-install.html @@ -0,0 +1,2231 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:20:26 am

    +
    +
    + Scanned the following path: +
      +
    • /argo-cd/manifests/install.yaml (Kubernetes)
    • +
    +
    + +
    +
    32 total issues
    +
    +
    +
    +
    + +
    + + + + + + +
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    +
    +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 10] + + rules[0] + + resources + +
    • + +
    • + Line number: 15180 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 11] + + rules[4] + + resources + +
    • + +
    • + Line number: 15257 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 12] + + rules[0] + + resources + +
    • + +
    • + Line number: 15285 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 13] + + rules[3] + + resources + +
    • + +
    • + Line number: 15329 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 13] + + rules[1] + + resources + +
    • + +
    • + Line number: 15311 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 14] + + rules[0] + + resources + +
    • + +
    • + Line number: 15345 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
    • + +
    • Introduced through: + [DocId: 46] + + spec + + template + + spec + + initContainers[copyutil] + + imagePullPolicy + +
    • + +
    • + Line number: 16343 +
    • +
    + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 15812 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 15979 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 15945 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 44] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16035 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16109 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16343 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16165 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 47] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16428 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 48] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 16732 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container is running with multiple open ports

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-36 +
    • + +
    • Introduced through: + [DocId: 43] + + spec + + template + + spec + + containers[dex] + + ports + +
    • + +
    • + Line number: 15959 +
    • +
    + +
    + +

    Impact

    +

    Increases the attack surface of the application and the container.

    + +

    Remediation

    +

    Reduce `ports` count to 2

    + + +
    +
    + + + +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
    • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
    • + +
    • + Line number: 16119 +
    • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 42] + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + livenessProbe + +
    • + +
    • + Line number: 15812 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 43] + + spec + + template + + spec + + containers[dex] + + livenessProbe + +
    • + +
    • + Line number: 15945 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 43] + + spec + + template + + spec + + initContainers[copyutil] + + livenessProbe + +
    • + +
    • + Line number: 15979 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 45] + + spec + + template + + spec + + containers[redis] + + livenessProbe + +
    • + +
    • + Line number: 16109 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 46] + + spec + + template + + spec + + initContainers[copyutil] + + livenessProbe + +
    • + +
    • + Line number: 16343 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 15812 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + memory + +
    • + +
    • + Line number: 15945 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
    • + +
    • + Line number: 15979 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 44] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16035 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16109 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16343 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16165 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 47] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16428 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 48] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 16732 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +
    + +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v2.6.0-rc1/argocd-iac-namespace-install.html new file mode 100644 index 0000000000000..f06631dfc6d46 --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/argocd-iac-namespace-install.html @@ -0,0 +1,2231 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:20:35 am

    +
    +
    + Scanned the following path: +
      +
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • +
    +
    + +
    +
    32 total issues
    +
    +
    +
    +
    + +
    + + + + + + +
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    +
    +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 7] + + rules[0] + + resources + +
    • + +
    • + Line number: 77 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 8] + + rules[4] + + resources + +
    • + +
    • + Line number: 154 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 9] + + rules[0] + + resources + +
    • + +
    • + Line number: 182 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 10] + + rules[3] + + resources + +
    • + +
    • + Line number: 226 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 10] + + rules[1] + + resources + +
    • + +
    • + Line number: 208 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Role with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
    • + +
    • Introduced through: + [DocId: 11] + + rules[0] + + resources + +
    • + +
    • + Line number: 242 +
    • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions

    + +

    Remediation

    +

    Consider removing this permissions

    + + +
    +
    + + + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
    • + +
    • Introduced through: + [DocId: 39] + + spec + + template + + spec + + initContainers[copyutil] + + imagePullPolicy + +
    • + +
    • + Line number: 1147 +
    • +
    + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 35] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 616 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 36] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 783 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 36] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 749 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 37] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 839 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 38] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 913 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 1147 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 969 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 40] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 1232 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
    • + +
    • Introduced through: + [DocId: 41] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + cpu + +
    • + +
    • + Line number: 1536 +
    • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + + + +
    +
    +

    Container is running with multiple open ports

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-36 +
    • + +
    • Introduced through: + [DocId: 36] + + spec + + template + + spec + + containers[dex] + + ports + +
    • + +
    • + Line number: 763 +
    • +
    + +
    + +

    Impact

    +

    Increases the attack surface of the application and the container.

    + +

    Remediation

    +

    Reduce `ports` count to 2

    + + +
    +
    + + + +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
    • + +
    • Introduced through: + [DocId: 38] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
    • + +
    • + Line number: 923 +
    • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 35] + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + livenessProbe + +
    • + +
    • + Line number: 616 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 36] + + spec + + template + + spec + + containers[dex] + + livenessProbe + +
    • + +
    • + Line number: 749 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 36] + + spec + + template + + spec + + initContainers[copyutil] + + livenessProbe + +
    • + +
    • + Line number: 783 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 38] + + spec + + template + + spec + + containers[redis] + + livenessProbe + +
    • + +
    • + Line number: 913 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
    • + +
    • Introduced through: + [DocId: 39] + + spec + + template + + spec + + initContainers[copyutil] + + livenessProbe + +
    • + +
    • + Line number: 1147 +
    • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 35] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 616 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 36] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + memory + +
    • + +
    • + Line number: 749 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 36] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
    • + +
    • + Line number: 783 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 37] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 839 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 38] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + memory + +
    • + +
    • + Line number: 913 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
    • + +
    • + Line number: 1147 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + memory + +
    • + +
    • + Line number: 969 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 40] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + memory + +
    • + +
    • + Line number: 1232 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
    • + +
    • Introduced through: + [DocId: 41] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + memory + +
    • + +
    • + Line number: 1536 +
    • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + + + +
    +
    +
    + +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/argocd-test.html b/docs/snyk/v2.6.0-rc1/argocd-test.html new file mode 100644 index 0000000000000..5b1a9a189fa8b --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/argocd-test.html @@ -0,0 +1,2747 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:18:40 am

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
    • +
    +
    + +
    +
    2 known vulnerabilities
    +
    117 vulnerable dependency paths
    +
    1731 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Prototype Poisoning

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: npm +
    • +
    • + Vulnerable module: + + qs +
    • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@7.1.6 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@7.1.6 + + formidable@2.0.1 + + qs@6.9.3 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    qs is a querystring parser that supports nesting and arrays, with a depth limit.

    +

    Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.

    +

    Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade qs to version 6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/rest@0.24.2 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/soheilhy/cmux@0.1.5 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#27bd8ce31415 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#490d98afd1d6 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#490d98afd1d6 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#490d98afd1d6 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.24.2 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#27bd8ce31415 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.51.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.51.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.51.0 + + google.golang.org/grpc/health/grpc_health_v1@1.51.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/auth@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.24.2 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.24.2 + + k8s.io/client-go/testing@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/resource@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#e284fd71cb96 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.24.2 + + k8s.io/client-go/tools/reference@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + + k8s.io/client-go/pkg/apis/clientauthentication@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.24.2 + + k8s.io/apimachinery/pkg/api/errors@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.24.2 + + k8s.io/api/core/v1@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/podutils@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + google.golang.org/grpc@1.51.0 + + google.golang.org/grpc/internal/transport@1.51.0 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.24.2 + + k8s.io/client-go/tools/remotecommand@0.24.2 + + k8s.io/client-go/transport/spdy@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#490d98afd1d6 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.24.2 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#490d98afd1d6 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/tools/pager@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/common@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/common@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + + k8s.io/client-go/tools/cache@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/sync/common@#e284fd71cb96 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#e284fd71cb96 + + k8s.io/kubectl/pkg/util/openapi@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#e284fd71cb96 + + k8s.io/client-go/kubernetes/scheme@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#490d98afd1d6 + + k8s.io/client-go/tools/clientcmd@0.24.2 + + k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#e284fd71cb96 + + k8s.io/kubernetes/pkg/apis/storage/install@1.24.2 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.24.2 + + k8s.io/kubernetes/pkg/apis/storage@1.24.2 + + k8s.io/kubernetes/pkg/apis/core@1.24.2 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + + k8s.io/apimachinery/pkg/watch@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.2 + + k8s.io/client-go/discovery@0.24.2 + + k8s.io/client-go/rest@0.24.2 + + k8s.io/client-go/transport@0.24.2 + + k8s.io/apimachinery/pkg/util/net@0.24.2 + + golang.org/x/net/http2@0.1.0 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.6.0-rc1/ghcr.io_dexidp_dex_v2.35.3.html new file mode 100644 index 0000000000000..803f7caa9ed46 --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/ghcr.io_dexidp_dex_v2.35.3.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:18:44 am

    +
    +
    + Scanned the following path: +
      +
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    14 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|ghcr.io/dexidp/dex
    Path ghcr.io/dexidp/dex:v2.35.3/dexidp/dex
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/haproxy_2.6.2-alpine.html b/docs/snyk/v2.6.0-rc1/haproxy_2.6.2-alpine.html new file mode 100644 index 0000000000000..93f3601521158 --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/haproxy_2.6.2-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:18:46 am

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.2-alpine (apk)
    • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    17 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.2-alpine
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/quay.io_argoproj_argocd_v2.6.0-rc1.html b/docs/snyk/v2.6.0-rc1/quay.io_argoproj_argocd_v2.6.0-rc1.html new file mode 100644 index 0000000000000..7d104185ee730 --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/quay.io_argoproj_argocd_v2.6.0-rc1.html @@ -0,0 +1,2559 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:19:03 am

    +
    +
    + Scanned the following path: +
      +
    • quay.io/argoproj/argocd:v2.6.0-rc1/argoproj/argocd (deb)
    • +
    +
    + +
    +
    17 known vulnerabilities
    +
    93 vulnerable dependency paths
    +
    162 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|quay.io/argoproj/argocd
    Path quay.io/argoproj/argocd:v2.6.0-rc1/argoproj/argocd
    Package Manager deb
    Manifest Dockerfile
    +
    +
    +
    +
    +

    Off-by-one Error

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + systemd/libsystemd0 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and systemd/libsystemd0@249.11-0ubuntu3.6 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + apt@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + procps/libprocps8@2:3.3.17-6ubuntu2 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libsystemd0@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + apt@2.4.8 + + apt/libapt-pkg6.0@2.4.8 + + systemd/libudev1@249.11-0ubuntu3.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream systemd package.

    +

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-46908

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + sqlite3/libsqlite3-0 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1, gnupg2/gpg@2.2.27-3ubuntu2.1 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream sqlite3 package.

    +

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43552

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-43551

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream curl package.

    +

    A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + + + +
    +
    +

    Uncontrolled Recursion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + pcre3/libpcre3 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + grep@3.7-1build1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream pcre3 package.

    +

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 pcre3.

    +

    References

    + + +
    + + + +
    +
    +

    Release of Invalid Pointer or Reference

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + patch +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and patch@2.7.6-7build2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + patch@2.7.6-7build2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream patch package.

    +

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 patch.

    +

    References

    + + +
    + + + +
    +
    +

    Double Free

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + patch +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and patch@2.7.6-7build2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + patch@2.7.6-7build2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream patch package.

    +

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 patch.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Locking

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssl/libssl3 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and openssl/libssl3@3.0.2-0ubuntu1.7 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssh/openssh-client@1:8.9p1-3 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + openssl/libssl3@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssl@3.0.2-0ubuntu1.7 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.7 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream openssl package.

    +

    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2021-41617

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssh/openssh-client +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and openssh/openssh-client@1:8.9p1-3 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssh/openssh-client@1:8.9p1-3 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream openssh package.

    +

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + + + +
    +
    +

    Information Exposure

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + openssh/openssh-client +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and openssh/openssh-client@1:8.9p1-3 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssh/openssh-client@1:8.9p1-3 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream openssh package.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + + + +
    +
    +

    Out-of-bounds Read

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + ncurses/libtinfo6 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and ncurses/libtinfo6@6.3-2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + bash@5.1-6ubuntu1 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/libncursesw6@6.3-2 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + less@590-1build1 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/libncurses6@6.3-2 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/ncurses-bin@6.3-2 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + procps@2:3.3.17-6ubuntu2 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/libncursesw6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + procps@2:3.3.17-6ubuntu2 + + ncurses/libncursesw6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/libncurses6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + procps@2:3.3.17-6ubuntu2 + + ncurses/libncurses6@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/ncurses-base@6.3-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + ncurses/ncurses-bin@6.3-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream ncurses package.

    +

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    References

    + + +
    + + + +
    +
    +

    Integer Overflow or Wraparound

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and krb5/libk5crypto3@1.19.2-2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + krb5/libk5crypto3@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libk5crypto3@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + krb5/libk5crypto3@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + krb5/libkrb5-3@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + krb5/libkrb5-3@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + openssh/openssh-client@1:8.9p1-3 + + krb5/libgssapi-krb5-2@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + krb5/libgssapi-krb5-2@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.6 + + libssh/libssh-4@0.9.6-2build1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + meta-common-packages@meta + + krb5/libkrb5support0@1.19.2-2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream krb5 package.

    +

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3219

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + gnupg2/gpgv +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpgv@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + apt@2.4.8 + + gnupg2/gpgv@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpgv@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnupg2.

    +

    References

    + + +
    + + + +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + glibc/libc-bin +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and glibc/libc-bin@2.35-0ubuntu3.1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + glibc/libc-bin@2.35-0ubuntu3.1 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + meta-common-packages@meta + + glibc/libc6@2.35-0ubuntu3.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream glibc package.

    +

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 glibc.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + git/git-man +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1, git@1:2.34.1-1ubuntu1.5 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + git/git-man@1:2.34.1-1ubuntu1.5 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git@1:2.34.1-1ubuntu1.5 + + + +
    • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + git-lfs@3.0.2-1 + + git@1:2.34.1-1ubuntu1.5 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream git package.

    +

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 git.

    +

    References

    + + +
    + + + +
    +
    +

    Improper Input Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + coreutils +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and coreutils@8.32-4.1ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + coreutils@8.32-4.1ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply to the upstream coreutils package.

    +

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 coreutils.

    +

    References

    + + +
    + + + +
    +
    +

    CVE-2022-3715

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + bash +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 and bash@5.1-6ubuntu1 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.0-rc1 + + bash@5.1-6ubuntu1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 bash.

    +

    References

    + + +
    + + + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.6.0-rc1/redis_7.0.5-alpine.html b/docs/snyk/v2.6.0-rc1/redis_7.0.5-alpine.html new file mode 100644 index 0000000000000..37248b814298b --- /dev/null +++ b/docs/snyk/v2.6.0-rc1/redis_7.0.5-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    January 1st 2023, 12:19:06 am

    +
    +
    + Scanned the following path: +
      +
    • redis:7.0.5-alpine (apk)
    • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|redis
    Path redis:7.0.5-alpine
    Package Manager apk
    +
    +
    + No known vulnerabilities detected. +
    +
    + + + From da86be4575e513c058656c300cdb7959e94bd07f Mon Sep 17 00:00:00 2001 From: asingh <11219262+ashutosh16@users.noreply.github.com> Date: Tue, 3 Jan 2023 13:19:43 -0800 Subject: [PATCH 234/304] fix: Applications with suspended jobs now marked "Suspended" instead of "Progressing" (#11603) (#11626) * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * Update go.sum Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * Update go.sum Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> * upgrade notes for 2.6 Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot --- docs/operator-manual/health.md | 10 ++++++---- docs/operator-manual/upgrading/2.5-2.6.md | 5 +++++ go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index f52cfd27d73ee..4475fa0e5eb20 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -16,6 +16,8 @@ with at least one value for `hostname` or `IP`. ### Ingress * The `status.loadBalancer.ingress` list is non-empty, with at least one value for `hostname` or `IP`. +### Job +* If job `.spec.suspended` is set to 'true', then the job and app health will be marked as suspended. ### PersistentVolumeClaim * The `status.phase` is `Bound` 
@@ -38,7 +40,7 @@ metadata: data: resource.customizations: | argoproj.io/Application: - health.lua: | + health.lua: | hs = {} hs.status = "Progressing" hs.message = "" @@ -64,11 +66,11 @@ There are two ways to configure a custom health check. The next two sections des ### Way 1. Define a Custom Health Check in `argocd-cm` ConfigMap -Custom health checks can be defined in +Custom health checks can be defined in ```yaml resource.customizations: | : - health.lua: | + health.lua: | ``` field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations). @@ -106,7 +108,7 @@ In order to prevent duplication of the same custom health check for potentially ```yaml resource.customizations: | ec2.aws.crossplane.io/*: - health.lua: | + health.lua: | ... ``` diff --git a/docs/operator-manual/upgrading/2.5-2.6.md b/docs/operator-manual/upgrading/2.5-2.6.md index de52bf09b7705..65864c88896ab 100644 --- a/docs/operator-manual/upgrading/2.5-2.6.md +++ b/docs/operator-manual/upgrading/2.5-2.6.md 
@@ -6,3 +6,8 @@ Argo CD 2.5 introduced [Go templating in ApplicationSets](https://argo-cd.readth Argo CD 2.6 upgrades Sprig to v3. That upgrade includes an upgrade of [Masterminds/semver](https://github.com/Masterminds/semver/releases) to v3. Masterminds/semver v3 changed the behavior of the `^` prefix in semantic version constraints. If you are using Go-templated ApplicationSets which include references to [Sprig's semver functions](https://masterminds.github.io/sprig/semver.html) and use the `^` prefix, read the [Masterminds/semver changelog](https://github.com/Masterminds/semver/releases/tag/v3.0.0) to understand how your ApplicationSets' behavior may change. + +## Applications with suspended jobs now marked "Suspended" instead of "Progressing" +Prior to Argo CD v2.6, an Application managing a suspended Job would be marked as "Progressing". This was confusing/unexpected behavior for many. Starting with v2.6, Argo CD will mark such Applications as "Suspended". + +If you have processes which rely on the previous behavior (for example, a CI job with an argocd app wait call), update those before upgrading to v2.6. \ No newline at end of file diff --git a/go.mod b/go.mod index eca27228cfeb8..8c58364fb8c93 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.23.1 - github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96 + github.com/argoproj/gitops-engine v0.7.1-0.20221208230615-917f5a0f16d5 github.com/argoproj/notifications-engine v0.3.1-0.20221203221941-490d98afd1d6 github.com/argoproj/pkg v0.13.7-0.20221115212233-27bd8ce31415 github.com/aws/aws-sdk-go v1.44.164 diff --git a/go.sum b/go.sum index 9f46b062bde1d..6ab3559a92e8d 100644 --- a/go.sum +++ b/go.sum 
@@ -147,8 +147,8 @@ github.com/antonmedv/expr v1.9.0/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmH github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96 h1:4CQn3gY9aAsQwHWGnADGyfGfBjE+yEw4zoy5SN7uuZc= -github.com/argoproj/gitops-engine v0.7.1-0.20221108210551-e284fd71cb96/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= +github.com/argoproj/gitops-engine v0.7.1-0.20221208230615-917f5a0f16d5 h1:iRpHi7X3q9G55KTaMjxKicgNnS2blFHaEfOOgsmP8lE= +github.com/argoproj/gitops-engine v0.7.1-0.20221208230615-917f5a0f16d5/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.3.1-0.20221203221941-490d98afd1d6 h1:b92Xft7MQv/SP56FW08zt5CMTE1rySH8UPDKOAgSzOM= github.com/argoproj/notifications-engine v0.3.1-0.20221203221941-490d98afd1d6/go.mod h1:pgPU59KCsBOMhyw9amRWPoSuBmUWvx3Xsc5r0mUriLg= github.com/argoproj/pkg v0.13.7-0.20221115212233-27bd8ce31415 h1:/5UtDHntvwPxbe/j2+xmQgvG83PQueGHko+9sf8+FA0= From cc0d97aac9f5fe711fae72ae10172d19a1fa462d Mon Sep 17 00:00:00 2001 From: Alex Eftimie Date: Wed, 4 Jan 2023 19:40:51 +0100 Subject: [PATCH 235/304] fix: Application's own link in UI (#11123) (#11124) Signed-off-by: Alex Eftimie Co-authored-by: Remington Breeze Signed-off-by: emirot --- controller/appcontroller.go | 4 +-- pkg/apis/application/v1alpha1/types.go | 9 ++++- pkg/apis/application/v1alpha1/types_test.go | 17 ++++++++++ .../application-resource-tree.tsx | 11 ++---- .../applications-list/applications-table.tsx | 2 +- .../applications/components/utils.test.tsx | 34 +------------------ ui/src/app/applications/components/utils.tsx | 16 --------- 7 files changed, 31 insertions(+), 62 deletions(-) 
diff --git a/controller/appcontroller.go b/controller/appcontroller.go index a989c5a16d7dd..97c48bf87d8c4 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -1356,7 +1356,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo } else { var tree *appv1.ApplicationTree if tree, err = ctrl.getResourceTree(app, managedResources); err == nil { - app.Status.Summary = tree.GetSummary() + app.Status.Summary = tree.GetSummary(app) if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), tree); err != nil { logCtx.Errorf("Failed to cache resources tree: %v", err) return @@ -1430,7 +1430,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo if err != nil { logCtx.Errorf("Failed to cache app resources: %v", err) } else { - app.Status.Summary = tree.GetSummary() + app.Status.Summary = tree.GetSummary(app) } if project.Spec.SyncWindows.Matches(app).CanSync(false) { diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 3aada49a29022..73a1a32da8295 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -33,6 +33,7 @@ import ( "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd/api" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/collections" "github.com/argoproj/argo-cd/v2/util/helm" "github.com/argoproj/argo-cd/v2/util/security" @@ -1235,7 +1236,7 @@ func (t *ApplicationTree) FindNode(group string, kind string, namespace string, } // TODO: Document purpose of this method -func (t *ApplicationTree) GetSummary() ApplicationSummary { +func (t *ApplicationTree) GetSummary(app *Application) ApplicationSummary { urlsSet := make(map[string]bool) imagesSet := make(map[string]bool) for _, node := range t.Nodes { 
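Review bot: `GetSummary` in `pkg/apis/application/v1alpha1/types.go` gets a new required parameter, but the comment above it still reads `// TODO: Document purpose of this method`. Because the method is exported from the API package, callers outside this repository will stop compiling, so the new contract should be written down. A doc comment such as `// GetSummary returns the external URLs and images collected from the tree's nodes, plus the URLs in app's link annotations; app must be non-nil.` would cover it. The following hunk calls `app.GetAnnotations()` with no nil check, so either document the non-nil requirement or guard it. The function body continues outside this hunk.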
@@ -1248,6 +1249,12 @@ func (t *ApplicationTree) GetSummary() ApplicationSummary { imagesSet[image] = true } } + // also add Application's own links + for k, v := range app.GetAnnotations() { + if strings.HasPrefix(k, common.AnnotationKeyLinkPrefix) { + urlsSet[v] = true + } + } urls := make([]string, 0) for url := range urlsSet { urls = append(urls, url) diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 0546f007d18bf..17f6982581db3 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -3225,6 +3225,23 @@ func Test_RBACName(t *testing.T) { }) } +func TestGetSummary(t *testing.T) { + tree := ApplicationTree{} + app := newTestApp() + + summary := tree.GetSummary(app) + assert.Equal(t, len(summary.ExternalURLs), 0) + + const annotationName = argocdcommon.AnnotationKeyLinkPrefix + "/my-link" + const url = "https://example.com" + app.Annotations = make(map[string]string) + app.Annotations[annotationName] = url + + summary = tree.GetSummary(app) + assert.Equal(t, len(summary.ExternalURLs), 1) + assert.Equal(t, summary.ExternalURLs[0], url) +} + func TestApplicationSourcePluginParameters_Environ_string(t *testing.T) { params := ApplicationSourcePluginParameters{ { diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index 07af871a44455..7a958973f1b12 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -16,7 +16,6 @@ import { ComparisonStatusIcon, deletePodAction, getAppOverridesCount, - getExternalUrls, HealthStatusIcon, isAppNode, isYoungerThanXMinutes, 
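Review bot: The loop added to `GetSummary` copies each annotation value into `urlsSet` without checking it, so any string stored under a key starting with `common.AnnotationKeyLinkPrefix` ends up in `Status.Summary.ExternalURLs`. The UI hunks in this patch read that field for the external-link list. The removed `getExternalUrls` helper read a single fixed key, so this also widens the accepted input to every key under the prefix. Whether the UI filters link schemes is not visible here, so the value should be validated where it enters the summary, for example `if u, err := url.Parse(v); err == nil && (u.Scheme == "http" || u.Scheme == "https") { urlsSet[v] = true }` (this may need a `net/url` import). The function starts and ends outside this hunk.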
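Review bot: The `assert.Equal` calls in `TestGetSummary` pass the actual value first, but testify expects `(t, expected, actual)`, so a failure message would label the two values the wrong way round. `assert.Len(t, summary.ExternalURLs, 1)` and `assert.Equal(t, url, summary.ExternalURLs[0])` express the same checks more directly. The test only exercises a key that matches the prefix; adding an annotation outside `AnnotationKeyLinkPrefix` and asserting that it is ignored would pin the filter.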
@@ -376,10 +375,7 @@ function renderPodGroup(props: ApplicationResourceTreeProps, id: string, node: R } const appNode = isAppNode(node); const rootNode = !node.root; - let extLinks: string[] = props.app.status.summary.externalURLs; - if (rootNode) { - extLinks = getExternalUrls(props.app.metadata.annotations, props.app.status.summary.externalURLs); - } + const extLinks: string[] = props.app.status.summary.externalURLs; const podGroupChildren = childMap.get(treeNodeKey(node)); const nonPodChildren = podGroupChildren?.reduce((acc, child) => { if (child.kind !== 'Pod') { @@ -605,11 +601,8 @@ function renderResourceNode(props: ApplicationResourceTreeProps, id: string, nod } const appNode = isAppNode(node); const rootNode = !node.root; - let extLinks: string[] = props.app.status.summary.externalURLs; + const extLinks: string[] = props.app.status.summary.externalURLs; const childCount = nodesHavingChildren.get(node.uid); - if (rootNode) { - extLinks = getExternalUrls(props.app.metadata.annotations, props.app.status.summary.externalURLs); - } return (
    props.onNodeClick && props.onNodeClick(fullName)} diff --git a/ui/src/app/applications/components/applications-list/applications-table.tsx b/ui/src/app/applications/components/applications-list/applications-table.tsx index c3b0fa9dd9350..a34ea5d4d2191 100644 --- a/ui/src/app/applications/components/applications-list/applications-table.tsx +++ b/ui/src/app/applications/components/applications-list/applications-table.tsx @@ -83,7 +83,7 @@ export const ApplicationsTable = (props: { /> - +
    Project:
    diff --git a/ui/src/app/applications/components/utils.test.tsx b/ui/src/app/applications/components/utils.test.tsx index 8c453fdea9744..b7208f1854561 100644 --- a/ui/src/app/applications/components/utils.test.tsx +++ b/ui/src/app/applications/components/utils.test.tsx @@ -1,7 +1,7 @@ import * as React from 'react'; import * as renderer from 'react-test-renderer'; import {Application, HealthStatus, HealthStatuses, OperationPhases, ResourceResult, ResultCodes, SyncStatuses} from '../../shared/models'; -import {ComparisonStatusIcon, getAppOperationState, getExternalUrls, getOperationType, HealthStatusIcon, OperationState, ResourceResultIcon} from './utils'; +import {ComparisonStatusIcon, getAppOperationState, getOperationType, HealthStatusIcon, OperationState, ResourceResultIcon} from './utils'; const zero = new Date(0).toISOString(); 
@@ -28,38 +28,6 @@ test('getAppOperationState.Status', () => { expect(state.phase).toBe(OperationPhases.Error); }); -test('getExternalUrls One URL from annotation, Empty External URL array', () => { - const links = getExternalUrls( - { - 'link.argocd.argoproj.io/external-link' : 'https://github.com/argoproj/argo-cd' - }, [] - ); - expect(links.length).toBe(1); - expect(links[0]).toBe('https://github.com/argoproj/argo-cd'); -}); - -test('getExternalUrls One URL from annotation, null URL array', () => { - const links = getExternalUrls( - { - 'link.argocd.argoproj.io/external-link' : 'https://github.com/argoproj/argo-cd' - }, null - ); - expect(links.length).toBe(1); - expect(links[0]).toBe('https://github.com/argoproj/argo-cd'); -}); - -test('getExternalUrls One URL from annotation, One External URL array', () => { - const links = getExternalUrls( - { - 'link.argocd.argoproj.io/external-link' : 'https://github.com/argoproj/argo-cd' - }, ['http://ingress-url:1234'] - ); - - expect(links.length).toBe(2); - expect(links[0]).toBe('http://ingress-url:1234'); - expect(links[1]).toBe('https://github.com/argoproj/argo-cd'); -}); - test('getOperationType.Delete', () => { const state = getOperationType({metadata: {deletionTimestamp: zero.toString()}} as Application); diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index 49469eace6003..459b7cf72b654 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -24,8 +24,6 @@ export interface NodeId { createdAt?: appModels.Time; } -export const ExternalLinkAnnotation = 'link.argocd.argoproj.io/external-link'; - type ActionMenuItem = MenuItem & {disabled?: boolean; tooltip?: string}; export function nodeKey(node: NodeId) { 
@@ -824,20 +822,6 @@ export const getAppOperationState = (app: appModels.Application): appModels.Oper } }; -export function getExternalUrls(annotations: {[name: string]: string}, urls: string[]): string[] { - if (!annotations) { - return urls; - } - const extLinks = urls || []; - const extLink: string = annotations[ExternalLinkAnnotation]; - if (extLink) { - if (!extLinks.includes(extLink)) { - extLinks.push(extLink); - } - } - return extLinks; -} - export function getOperationType(application: appModels.Application) { const operation = application.operation || (application.status && application.status.operationState && application.status.operationState.operation); if (application.metadata.deletionTimestamp && !application.operation) { From 4a0b66dfe836b6993509f5a4fdbf693f084cf8a1 Mon Sep 17 00:00:00 2001 From: jiwonaid Date: Thu, 5 Jan 2023 04:42:39 +0900 Subject: [PATCH 236/304] fix: ui cluster server url overlaps (#11873) Signed-off-by: Jiwon Kim Co-authored-by: Remington Breeze Signed-off-by: emirot --- .../settings/components/cluster-details/cluster-details.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/src/app/settings/components/cluster-details/cluster-details.tsx b/ui/src/app/settings/components/cluster-details/cluster-details.tsx index 9e1a7a7923e9f..472ccf26ee283 100644 --- a/ui/src/app/settings/components/cluster-details/cluster-details.tsx +++ b/ui/src/app/settings/components/cluster-details/cluster-details.tsx @@ -28,9 +28,9 @@ export const ClusterDetails = (props: RouteComponentProps<{server: string}>) => timer(0, 1000).pipe(mergeMap(() => from(services.clusters.get(url, ''))))}> {(cluster: Cluster) => ( Date: Thu, 5 Jan 2023 20:13:08 +0530 Subject: [PATCH 237/304] feat: set cluster command (#9996) Signed-off-by: maheshbaliga Signed-off-by: maheshbaliga 
Signed-off-by: emirot --- cmd/argocd/commands/cluster.go | 83 ++++++++++++++++++- cmd/argocd/commands/completion.go | 1 + docs/user-guide/commands/argocd_cluster.md | 4 + .../user-guide/commands/argocd_cluster_set.md | 51 ++++++++++++ test/e2e/cluster_test.go | 19 +++++ test/e2e/fixture/cluster/actions.go | 13 +++ test/e2e/fixture/cluster/context.go | 16 ++-- 7 files changed, 181 insertions(+), 6 deletions(-) create mode 100644 docs/user-guide/commands/argocd_cluster_set.md diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index ef37ec25aa211..fa8a50d05c25f 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -27,6 +27,17 @@ import ( "github.com/argoproj/argo-cd/v2/util/text/label" ) +const ( + // type of the cluster ID is 'name' + clusterIdTypeName = "name" + // cluster field is 'name' + clusterFieldName = "name" + // cluster field is 'namespaces' + clusterFieldNamespaces = "namespaces" + // indicates managing all namespaces + allNamespaces = "*" +) + // NewClusterCommand returns a new instance of an `argocd cluster` command func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command { var command = &cobra.Command{ @@ -47,7 +58,10 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc # Remove a target cluster context from ArgoCD argocd cluster rm example-cluster -`, + + # Set a target cluster context from ArgoCD + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*' + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`, } command.AddCommand(NewClusterAddCommand(clientOpts, pathOpts)) 
@@ -55,6 +69,7 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc command.AddCommand(NewClusterListCommand(clientOpts)) command.AddCommand(NewClusterRemoveCommand(clientOpts, pathOpts)) command.AddCommand(NewClusterRotateAuthCommand(clientOpts)) + command.AddCommand(NewClusterSetCommand(clientOpts)) return command } 
@@ -185,6 +200,72 @@ func getRestConfig(pathOpts *clientcmd.PathOptions, ctxName string) (*rest.Confi return conf, nil } +// NewClusterSetCommand returns a new instance of an `argocd cluster set` command +func NewClusterSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var ( + clusterOptions cmdutil.ClusterOptions + clusterName string + ) + var command = &cobra.Command{ + Use: "set NAME", + Short: "Set cluster information", + Example: ` # Set cluster information + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*' + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`, + Run: func(c *cobra.Command, args []string) { + ctx := c.Context() + if len(args) != 1 { + c.HelpFunc()(c, args) + os.Exit(1) + } + // name of the cluster whose fields have to be updated. + clusterName = args[0] + conn, clusterIf := headless.NewClientOrDie(clientOpts, c).NewClusterClientOrDie() + defer io.Close(conn) + // checks the fields that needs to be updated + updatedFields := checkFieldsToUpdate(clusterOptions) + namespaces := clusterOptions.Namespaces + // check if all namespaces have to be considered + if len(namespaces) == 1 && strings.EqualFold(namespaces[0], allNamespaces) { + namespaces[0] = "" + } + if updatedFields != nil { + clusterUpdateRequest := clusterpkg.ClusterUpdateRequest{ + Cluster: &argoappv1.Cluster{ + Name: clusterOptions.Name, + Namespaces: namespaces, + }, + UpdatedFields: updatedFields, + Id: &clusterpkg.ClusterID{ + Type: clusterIdTypeName, + Value: clusterName, + }, + } + _, err := clusterIf.Update(ctx, &clusterUpdateRequest) + errors.CheckError(err) + fmt.Printf("Cluster '%s' updated.\n", clusterName) + } else { + fmt.Print("Specify the cluster field to be updated.\n") + } + }, + } + command.Flags().StringVar(&clusterOptions.Name, "name", "", "Overwrite the cluster name") + command.Flags().StringArrayVar(&clusterOptions.Namespaces, "namespace", nil, "List of namespaces 
which are allowed to manage. Specify '*' to manage all namespaces") + return command +} + +// checkFieldsToUpdate returns the fields that needs to be updated +func checkFieldsToUpdate(clusterOptions cmdutil.ClusterOptions) []string { + var updatedFields []string + if clusterOptions.Name != "" { + updatedFields = append(updatedFields, clusterFieldName) + } + if clusterOptions.Namespaces != nil { + updatedFields = append(updatedFields, clusterFieldNamespaces) + } + return updatedFields +} + // NewClusterGetCommand returns a new instance of an `argocd cluster get` command func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( diff --git a/cmd/argocd/commands/completion.go b/cmd/argocd/commands/completion.go index 3a698146f4e1c..5e587283375ac 100644 --- a/cmd/argocd/commands/completion.go +++ b/cmd/argocd/commands/completion.go @@ -146,6 +146,7 @@ __argocd_custom_func() { ;; argocd_cluster_get | \ argocd_cluster_rm | \ + argocd_cluster_set | \ argocd_login | \ argocd_cluster_add) __argocd_list_servers diff --git a/docs/user-guide/commands/argocd_cluster.md b/docs/user-guide/commands/argocd_cluster.md index 3b40399c62da8..f9c1681a82475 100644 --- a/docs/user-guide/commands/argocd_cluster.md +++ b/docs/user-guide/commands/argocd_cluster.md @@ -21,6 +21,9 @@ argocd cluster [flags] # Remove a target cluster context from ArgoCD argocd cluster rm example-cluster + # Set a target cluster context from ArgoCD + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*' + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two ``` ### Options 
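Review bot: The wildcard handling in `NewClusterSetCommand` only fires when `--namespace '*'` is the sole value, so `--namespace '*' --namespace ns-one` sends a literal `*` next to a real namespace and leaves the server to interpret it. Because this flag decides whether the cluster is managed cluster-wide or per namespace, I would reject the mix explicitly: loop over `namespaces` and call `errors.CheckError(fmt.Errorf("'*' cannot be combined with other namespaces"))` when `*` appears and `len(namespaces) > 1`. `strings.EqualFold` adds nothing when comparing against `*`; a plain `==` reads clearer. The branch that prints "Specify the cluster field to be updated." also exits with status 0, so a script that passed neither flag cannot tell that nothing changed; `os.Exit(1)` there would match the argument-count check above.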
@@ -78,4 +81,5 @@ argocd cluster [flags] * [argocd cluster list](argocd_cluster_list.md) - List configured clusters * [argocd cluster rm](argocd_cluster_rm.md) - Remove cluster credentials * [argocd cluster rotate-auth](argocd_cluster_rotate-auth.md) - argocd cluster rotate-auth SERVER/NAME +* [argocd cluster set](argocd_cluster_set.md) - Set cluster information diff --git a/docs/user-guide/commands/argocd_cluster_set.md b/docs/user-guide/commands/argocd_cluster_set.md new file mode 100644 index 0000000000000..f1099fd6e3cc3 --- /dev/null +++ b/docs/user-guide/commands/argocd_cluster_set.md 
@@ -0,0 +1,51 @@ +## argocd cluster set + +Set cluster information + +``` +argocd cluster set NAME [flags] +``` + +### Examples + +``` + # Set cluster information + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*' + argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two +``` + +### Options + +``` + -h, --help help for set + --name string Overwrite the cluster name + --namespace stringArray List of namespaces which are allowed to manage. Specify '*' to manage all namespaces +``` + +### Options inherited from parent commands + +``` + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. 
One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --server string Argo CD server address + --server-crt string Server certificate file +``` + +### SEE ALSO + +* [argocd cluster](argocd_cluster.md) - Manage cluster credentials + diff --git a/test/e2e/cluster_test.go b/test/e2e/cluster_test.go index 96e3369e194f8..671acb735e193 100644 --- a/test/e2e/cluster_test.go +++ b/test/e2e/cluster_test.go @@ -133,6 +133,25 @@ func TestClusterListDenied(t *testing.T) { }) } +func TestClusterSet(t *testing.T) { + EnsureCleanState(t) + defer RecordTestRun(t) + clusterFixture. + GivenWithSameState(t). + Project(ProjectName). + Name("in-cluster"). + Namespaces([]string{"namespace-edit-1", "namespace-edit-2"}). + Server(KubernetesInternalAPIServerAddr). + When(). + SetNamespaces(). + GetByName("in-cluster"). + Then(). + AndCLIOutput(func(output string, err error) { + assert.True(t, strings.Contains(output, "namespace-edit-1")) + assert.True(t, strings.Contains(output, "namespace-edit-2")) + }) +} + func TestClusterGet(t *testing.T) { SkipIfAlreadyRun(t) EnsureCleanState(t) diff --git a/test/e2e/fixture/cluster/actions.go b/test/e2e/fixture/cluster/actions.go index 56576534c5106..3f047e8f9b03e 100644 --- a/test/e2e/fixture/cluster/actions.go +++ b/test/e2e/fixture/cluster/actions.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "log" + "strings" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" 
@@ -103,6 +104,18 @@ func (a *Actions) Get() *Actions { return a } +func (a *Actions) GetByName(name string) *Actions { + a.context.t.Helper() + a.runCli("cluster", "get", name) + return a +} + +func (a *Actions) SetNamespaces() *Actions { + a.context.t.Helper() + a.runCli("cluster", "set", a.context.name, "--namespace", strings.Join(a.context.namespaces, ",")) + return a +} + func (a *Actions) DeleteByName() *Actions { a.context.t.Helper() diff --git a/test/e2e/fixture/cluster/context.go b/test/e2e/fixture/cluster/context.go index 8bc2cf4b1357b..236be6a3a3913 100644 --- a/test/e2e/fixture/cluster/context.go +++ b/test/e2e/fixture/cluster/context.go @@ -12,11 +12,12 @@ import ( type Context struct { t *testing.T // seconds - timeout int - name string - project string - server string - upsert bool + timeout int + name string + project string + server string + upsert bool + namespaces []string } func Given(t *testing.T) *Context { @@ -45,6 +46,11 @@ func (c *Context) Server(server string) *Context { return c } +func (c *Context) Namespaces(namespaces []string) *Context { + c.namespaces = namespaces + return c +} + func (c *Context) And(block func()) *Context { block() return c From 7069a75c43a0428c4293b8a41d1106215cf95cc6 Mon Sep 17 00:00:00 2001 From: Mahesh Baliga Date: Fri, 6 Jan 2023 02:22:36 +0530 Subject: [PATCH 238/304] feat: inversion selection support for the resource filter on sync and wait app commands (#10548) Signed-off-by: maheshbaliga Signed-off-by: maheshbaliga Signed-off-by: emirot --- cmd/argocd/commands/app.go | 63 +++++- cmd/argocd/commands/app_test.go | 234 +++++++++++++++++++- docs/user-guide/commands/argocd_app_sync.md | 5 +- docs/user-guide/commands/argocd_app_wait.md | 12 +- pkg/apis/application/v1alpha1/types.go | 13 ++ test/e2e/fixture/app/actions.go | 3 + test/e2e/project_management_test.go | 8 + util/argo/argo.go | 15 ++ util/argo/argo_test.go | 123 ++++++++++ 9 files changed, 462 insertions(+), 14 deletions(-) 
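Review bot: `SetNamespaces` joins the namespaces with a comma, but the `--namespace` flag added in cluster.go is registered with `StringArrayVar`, which does not split values on commas, so the CLI receives a single namespace named `namespace-edit-1,namespace-edit-2`. `TestClusterSet` still passes because its callback only checks `strings.Contains` on the output and ignores `err`. Pass one flag per namespace instead: start from `args := []string{"cluster", "set", a.context.name}`, add `args = append(args, "--namespace", ns)` in a loop, then call `a.runCli(args...)` (assuming `runCli` is variadic, as its calls here suggest). The test callback should also assert that `err` is nil.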
diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 28e070e5da0c6..b2a4c6f13933b 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -1376,6 +1376,7 @@ const ( resourceFieldCount = 3 resourceFieldNamespaceDelimiter = "/" resourceFieldNameWithNamespaceCount = 2 + resourceExcludeIndicator = "!" ) // resource is GROUP:KIND:NAMESPACE/NAME or GROUP:KIND:NAME @@ -1400,6 +1401,12 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou } for _, resource := range resources { + isExcluded := false + // check if the resource flag starts with a '!' + if strings.HasPrefix(resource, resourceExcludeIndicator) { + resource = strings.TrimPrefix(resource, resourceExcludeIndicator) + isExcluded = true + } fields := strings.Split(resource, resourceFieldDelimiter) if len(fields) != resourceFieldCount { return nil, fmt.Errorf("Resource should have GROUP%sKIND%sNAME, but instead got: %s", resourceFieldDelimiter, resourceFieldDelimiter, resource) @@ -1413,6 +1420,7 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou Kind: fields[1], Name: name, Namespace: namespace, + Exclude: isExcluded, }) } return selectedResources, nil 
@@ -1447,6 +1455,16 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co # Wait for multiple apps argocd app wait my-app other-app + # Wait for apps by resource + # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME. + argocd app wait my-app --resource :Service:my-service + argocd app wait my-app --resource argoproj.io:Rollout:my-rollout + argocd app wait my-app --resource '!apps:Deployment:my-service' + argocd app wait my-app --resource apps:Deployment:my-service --resource :Service:my-service + argocd app wait my-app --resource '!*:Service:*' + # Specify namespace if the application has resources with the same name in different namespaces + argocd app wait my-app --resource argoproj.io:Rollout:my-namespace/my-rollout + # Wait for apps by label, in this example we waiting for apps that are children of another app (aka app-of-apps) argocd app wait -l app.kubernetes.io/instance=my-app argocd app wait -l app.kubernetes.io/instance!=my-app 
@@ -1485,7 +1503,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended") command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded") command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.") - command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter)) + command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator)) command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations") command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds") return command @@ -1545,6 +1563,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME argocd app sync my-app --resource :Service:my-service argocd app sync my-app --resource argoproj.io:Rollout:my-rollout + argocd app sync my-app --resource '!apps:Deployment:my-service' + argocd app sync my-app --resource apps:Deployment:my-service --resource :Service:my-service + argocd app sync my-app --resource '!*:Service:*' # Specify namespace if the application has resources with the same name in different namespaces argocd app sync my-app --resource argoproj.io:Rollout:my-namespace/my-rollout`, Run: func(c *cobra.Command, args []string) { 
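Review bot: The `--resource` help text on `argocd app wait` still reads "Sync only specific resources" even though this hunk rewrites that line. For the wait command it should describe what is waited for, e.g. start the format string with `"Wait only for specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. ..."`. The generated argocd_app_wait.md carries the same wording and would need regenerating.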
@@ -1640,6 +1661,14 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co return } + // filters out only those resources that needs to be synced + filteredResources := filterAppResources(app, selectedResources) + + // if resources are provided and no app resources match, then return error + if len(resources) > 0 && len(filteredResources) == 0 { + log.Fatalf("No matching app resources found for resource filter: %v", strings.Join(resources, ", ")) + } + if local != "" { if app.Spec.GetSource().Plugin != nil && app.Spec.GetSource().Plugin.Name != "" { log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning) @@ -1690,7 +1719,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co AppNamespace: &appNs, DryRun: &dryRun, Revision: &revision, - Resources: selectedResources, + Resources: filteredResources, Prune: &prune, Manifests: localObjsStrings, Infos: getInfos(infos), 
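Review bot: The new `log.Fatalf` on an empty `filteredResources` makes `sync --resource` depend on `app.Status.Resources` already being populated, which is why this commit adds fixed sleeps to `Sync` in test/e2e/fixture/app/actions.go and to both virtual-project tests. A freshly created or not-yet-reconciled app now aborts with "No matching app resources found" even when the filter is valid, and fixed 2–5 second sleeps will be flaky on slow CI. Consider refreshing the app, or retrying until the resource list is non-empty within `--timeout`, before treating the empty match as fatal, and have the message say the status may not be reconciled yet. The enclosing `Run` function starts and ends outside this hunk, so it needs checking whether this sits inside a per-app loop, where one non-matching app would abort a multi-app sync.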
@@ -1770,7 +1799,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().BoolVar(&dryRun, "dry-run", false, "Preview apply without affecting cluster") command.Flags().BoolVar(&prune, "prune", false, "Allow deleting unexpected resources") command.Flags().StringVar(&revision, "revision", "", "Sync to a specific revision. Preserves parameter overrides") - command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter)) + command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator)) command.Flags().StringVarP(&selector, "selector", "l", "", "Sync apps that match this label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.") command.Flags().StringArrayVar(&labels, "label", []string{}, "Sync only specific resources with a label. This option may be specified repeatedly.") command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds") 
@@ -1895,15 +1924,9 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv } // filter out not selected resources if len(selectedResources) > 0 { - r := []argoappv1.SyncOperationResource{} - for _, res := range selectedResources { - if res != nil { - r = append(r, *res) - } - } for i := len(states) - 1; i >= 0; i-- { res := states[i] - if !argo.ContainsSyncResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, r) { + if !argo.IncludeResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, selectedResources) { states = append(states[:i], states[i+1:]...) } } @@ -1911,6 +1934,26 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv return states } +// filterAppResources selects the app resources that match atleast one of the resource filters. +func filterAppResources(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) []*argoappv1.SyncOperationResource { + var filteredResources []*argoappv1.SyncOperationResource + if app != nil && len(selectedResources) > 0 { + for i := range app.Status.Resources { + appResource := app.Status.Resources[i] + if (argo.IncludeResource(appResource.Name, appResource.Namespace, + schema.GroupVersionKind{Group: appResource.Group, Kind: appResource.Kind}, selectedResources)) { + filteredResources = append(filteredResources, &argoappv1.SyncOperationResource{ + Group: appResource.Group, + Kind: appResource.Kind, + Name: appResource.Name, + Namespace: appResource.Namespace, + }) + } + } + } + return filteredResources +} + func groupResourceStates(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) map[string]*resourceState { resStates := make(map[string]*resourceState) for _, result := range getResourceStates(app, selectedResources) { diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index d5ae6fcb5e500..104495cb541d0 100644 
--- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go 
@@ -904,11 +904,220 @@ func Test_unset_nothingToUnset(t *testing.T) { } } +func TestFilterAppResources(t *testing.T) { + // App resources + var ( + appReplicaSet1 = v1alpha1.ResourceStatus{ + Group: "apps", + Kind: "ReplicaSet", + Namespace: "default", + Name: "replicaSet-name1", + } + appReplicaSet2 = v1alpha1.ResourceStatus{ + Group: "apps", + Kind: "ReplicaSet", + Namespace: "default", + Name: "replicaSet-name2", + } + appJob = v1alpha1.ResourceStatus{ + Group: "batch", + Kind: "Job", + Namespace: "default", + Name: "job-name", + } + appService1 = v1alpha1.ResourceStatus{ + Group: "", + Kind: "Service", + Namespace: "default", + Name: "service-name1", + } + appService2 = v1alpha1.ResourceStatus{ + Group: "", + Kind: "Service", + Namespace: "default", + Name: "service-name2", + } + appDeployment = v1alpha1.ResourceStatus{ + Group: "apps", + Kind: "Deployment", + Namespace: "default", + Name: "deployment-name", + } + ) + app := v1alpha1.Application{ + Status: v1alpha1.ApplicationStatus{ + Resources: []v1alpha1.ResourceStatus{ + appReplicaSet1, appReplicaSet2, appJob, appService1, appService2, appDeployment}, + }, + } + // Resource filters + var ( + blankValues = argoappv1.SyncOperationResource{ + Group: "", + Kind: "", + Name: "", + Namespace: "", + Exclude: false} + // *:*:* + includeAllResources = argoappv1.SyncOperationResource{ + Group: "*", + Kind: "*", + Name: "*", + Namespace: "", + Exclude: false} + // !*:*:* + excludeAllResources = argoappv1.SyncOperationResource{ + Group: "*", + Kind: "*", + Name: "*", + Namespace: "", + Exclude: true} + // *:Service:* + includeAllServiceResources = argoappv1.SyncOperationResource{ + Group: "*", + Kind: "Service", + Name: "*", + Namespace: "", + Exclude: false} + // !*:Service:* + excludeAllServiceResources = argoappv1.SyncOperationResource{ + Group: "*", + Kind: "Service", + Name: "*", + Namespace: "", + Exclude: true} + // apps:ReplicaSet:replicaSet-name1 + includeReplicaSet1Resource = argoappv1.SyncOperationResource{ 
+ Group: "apps", + Kind: "ReplicaSet", + Name: "replicaSet-name1", + Namespace: "", + Exclude: false} + // !apps:ReplicaSet:replicaSet-name2 + excludeReplicaSet2Resource = argoappv1.SyncOperationResource{ + Group: "apps", + Kind: "ReplicaSet", + Name: "replicaSet-name2", + Namespace: "", + Exclude: true} + ) + + // Filtered resources + var ( + replicaSet1 = v1alpha1.SyncOperationResource{ + Group: "apps", + Kind: "ReplicaSet", + Namespace: "default", + Name: "replicaSet-name1", + } + replicaSet2 = v1alpha1.SyncOperationResource{ + Group: "apps", + Kind: "ReplicaSet", + Namespace: "default", + Name: "replicaSet-name2", + } + job = v1alpha1.SyncOperationResource{ + Group: "batch", + Kind: "Job", + Namespace: "default", + Name: "job-name", + } + service1 = v1alpha1.SyncOperationResource{ + Group: "", + Kind: "Service", + Namespace: "default", + Name: "service-name1", + } + service2 = v1alpha1.SyncOperationResource{ + Group: "", + Kind: "Service", + Namespace: "default", + Name: "service-name2", + } + deployment = v1alpha1.SyncOperationResource{ + Group: "apps", + Kind: "Deployment", + Namespace: "default", + Name: "deployment-name", + } + ) + tests := []struct { + testName string + selectedResources []*argoappv1.SyncOperationResource + expectedResult []*argoappv1.SyncOperationResource + }{ + //--resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:* + {testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources", + selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2}, + }, + //--resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:* + {testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources", + selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: 
[]*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + }, + // --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:* + {testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources", + selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + }, + // --resource !apps:ReplicaSet:replicaSet-name2 + {testName: "Exclude ReplicaSet replicaSet-name2 resouce", + selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, + }, + // --resource apps:ReplicaSet:replicaSet-name1 + {testName: "Include ReplicaSet replicaSet-name1 resouce", + selectedResources: []*argoappv1.SyncOperationResource{&includeReplicaSet1Resource}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1}, + }, + // --resource !*:Service:* + {testName: "Exclude Service resouces", + selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + }, + // --resource *:Service:* + {testName: "Include Service resouces", + selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources}, + expectedResult: []*argoappv1.SyncOperationResource{&service1, &service2}, + }, + // --resource !*:*:* + {testName: "Exclude all resouces", + selectedResources: []*argoappv1.SyncOperationResource{&excludeAllResources}, + expectedResult: nil, + }, + // --resource *:*:* + {testName: "Include all resouces", + selectedResources: []*argoappv1.SyncOperationResource{&includeAllResources}, + expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + }, 
+ {testName: "No Filters", + selectedResources: []*argoappv1.SyncOperationResource{&blankValues}, + expectedResult: nil, + }, + {testName: "Empty Filter", + selectedResources: []*argoappv1.SyncOperationResource{}, + expectedResult: nil, + }, + } + + for _, test := range tests { + t.Run(test.testName, func(t *testing.T) { + filteredResources := filterAppResources(&app, test.selectedResources) + assert.Equal(t, test.expectedResult, filteredResources) + }) + } +} + func TestParseSelectedResources(t *testing.T) { - resources := []string{"v1alpha:Application:test", "v1alpha:Application:namespace/test"} + resources := []string{"v1alpha:Application:test", + "v1alpha:Application:namespace/test", + "!v1alpha:Application:test", + "apps:Deployment:default/test", + "!*:*:*"} operationResources, err := parseSelectedResources(resources) assert.NoError(t, err) - assert.Len(t, operationResources, 2) + assert.Len(t, operationResources, 5) assert.Equal(t, *operationResources[0], v1alpha1.SyncOperationResource{ Namespace: "", Name: "test", @@ -921,6 +1130,27 @@ func TestParseSelectedResources(t *testing.T) { Kind: "Application", Group: "v1alpha", }) + assert.Equal(t, *operationResources[2], v1alpha1.SyncOperationResource{ + Namespace: "", + Name: "test", + Kind: "Application", + Group: "v1alpha", + Exclude: true, + }) + assert.Equal(t, *operationResources[3], v1alpha1.SyncOperationResource{ + Namespace: "default", + Name: "test", + Kind: "Deployment", + Group: "apps", + Exclude: false, + }) + assert.Equal(t, *operationResources[4], v1alpha1.SyncOperationResource{ + Namespace: "", + Name: "*", + Kind: "*", + Group: "*", + Exclude: true, + }) } func TestParseSelectedResourcesIncorrect(t *testing.T) { diff --git a/docs/user-guide/commands/argocd_app_sync.md b/docs/user-guide/commands/argocd_app_sync.md index a96229cff9151..798fcecdd8a03 100644 --- a/docs/user-guide/commands/argocd_app_sync.md +++ b/docs/user-guide/commands/argocd_app_sync.md 
@@ -26,6 +26,9 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME argocd app sync my-app --resource :Service:my-service argocd app sync my-app --resource argoproj.io:Rollout:my-rollout + argocd app sync my-app --resource '!apps:Deployment:my-service' + argocd app sync my-app --resource apps:Deployment:my-service --resource :Service:my-service + argocd app sync my-app --resource '!*:Service:*' # Specify namespace if the application has resources with the same name in different namespaces argocd app sync my-app --resource argoproj.io:Rollout:my-namespace/my-rollout ``` @@ -46,7 +49,7 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] --project stringArray Sync apps that belong to the specified projects. This option may be specified repeatedly. --prune Allow deleting unexpected resources --replace Use a kubectl create/replace instead apply - --resource stringArray Sync only specific resources as GROUP:KIND:NAME. Fields may be blank. This option may be specified repeatedly + --resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly --retry-backoff-duration duration Retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s) --retry-backoff-factor int Factor multiplies the base duration after each failed retry (default 2) --retry-backoff-max-duration duration Max retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) diff --git a/docs/user-guide/commands/argocd_app_wait.md b/docs/user-guide/commands/argocd_app_wait.md index c8e48720d86af..7bf911acde349 100644 --- a/docs/user-guide/commands/argocd_app_wait.md +++ b/docs/user-guide/commands/argocd_app_wait.md 
@@ -15,6 +15,16 @@ argocd app wait [APPNAME.. | -l selector] [flags] # Wait for multiple apps argocd app wait my-app other-app + # Wait for apps by resource + # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME. + argocd app wait my-app --resource :Service:my-service + argocd app wait my-app --resource argoproj.io:Rollout:my-rollout + argocd app wait my-app --resource '!apps:Deployment:my-service' + argocd app wait my-app --resource apps:Deployment:my-service --resource :Service:my-service + argocd app wait my-app --resource '!*:Service:*' + # Specify namespace if the application has resources with the same name in different namespaces + argocd app wait my-app --resource argoproj.io:Rollout:my-namespace/my-rollout + # Wait for apps by label, in this example we waiting for apps that are children of another app (aka app-of-apps) argocd app wait -l app.kubernetes.io/instance=my-app argocd app wait -l app.kubernetes.io/instance!=my-app @@ -30,7 +40,7 @@ argocd app wait [APPNAME.. | -l selector] [flags] --health Wait for health -h, --help help for wait --operation Wait for pending operations - --resource stringArray Sync only specific resources as GROUP:KIND:NAME. Fields may be blank. This option may be specified repeatedly + --resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly -l, --selector string Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints. --suspended Wait for suspended --sync Wait for sync diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 73a1a32da8295..409489b14bb67 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go 
@@ -694,6 +694,8 @@ type SyncOperationResource struct { Kind string `json:"kind" protobuf:"bytes,2,opt,name=kind"` Name string `json:"name" protobuf:"bytes,3,opt,name=name"` Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"` + // nolint:govet + Exclude bool `json:"-"` } // RevisionHistories is a array of history, oldest first and newest last @@ -721,6 +723,17 @@ func (r SyncOperationResource) HasIdentity(name string, namespace string, gvk sc return false } +// Compare determines whether an app resource matches the resource filter during sync or wait. +func (r SyncOperationResource) Compare(name string, namespace string, gvk schema.GroupVersionKind) bool { + if (r.Group == "*" || gvk.Group == r.Group) && + (r.Kind == "*" || gvk.Kind == r.Kind) && + (r.Name == "*" || name == r.Name) && + (r.Namespace == "*" || r.Namespace == "" || namespace == r.Namespace) { + return true + } + return false +} + // SyncOperation contains details about a sync operation. type SyncOperation struct { // Revision is the revision (Git) or chart version (Helm) which to sync the application to diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index db606fb29c391..c8df055f1b8ac 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -310,6 +310,9 @@ func (a *Actions) Sync(args ...string) *Actions { } if a.context.resource != "" { + // Waiting for the app to be successfully created. + // Else the sync would fail to retrieve the app resources. + a.context.Sleep(5) args = append(args, "--resource", a.context.resource) } diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index b58906ac85bbc..4cfe088ef5de4 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go 
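Review bot: `Exclude` is tagged `json:"-"` and has no protobuf tag, so it never leaves the client: a caller that sets `Exclude: true` and sends the struct to the API server gets a plain include filter for the same pattern, the opposite of what was asked. That is easy to miss on an API type, so the field deserves a doc comment such as `// Exclude inverts the match. CLI-side only: it is not serialized, so filters must be resolved to concrete resources before being sent.` `Compare` should also document that an empty `Namespace` matches every namespace, and its body can be a single `return` of the condition.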
@@ -564,6 +564,10 @@ func TestGetVirtualProjectNoMatch(t *testing.T) { "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) assert.NoError(t, err) + // Waiting for the app to be successfully created. + // Else the sync would fail to retrieve the app resources. + time.Sleep(time.Second * 2) + //App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) assert.NoError(t, err) @@ -601,6 +605,10 @@ func TestGetVirtualProjectMatch(t *testing.T) { "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) assert.NoError(t, err) + // Waiting for the app to be successfully created. + // Else the sync would fail to retrieve the app resources. + time.Sleep(time.Second * 2) + //App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) assert.Error(t, err) diff --git a/util/argo/argo.go b/util/argo/argo.go index 1dda11f167019..8d0cba1582fd6 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go 
@@ -732,6 +732,21 @@ func ContainsSyncResource(name string, namespace string, gvk schema.GroupVersion return false } +// IncludeResource checks if an app resource matches atleast one of the filters, then it returns true. +func IncludeResource(resourceName string, resourceNamespace string, gvk schema.GroupVersionKind, + syncOperationResources []*argoappv1.SyncOperationResource) bool { + for _, syncOperationResource := range syncOperationResources { + includeResource := syncOperationResource.Compare(resourceName, resourceNamespace, gvk) + if syncOperationResource.Exclude { + includeResource = !includeResource + } + if includeResource { + return true + } + } + return false +} + // NormalizeApplicationSpec will normalize an application spec to a preferred state. This is used // for migrating application objects which are using deprecated legacy fields into the new fields, // and defaulting fields in the spec (e.g. spec.project) diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go index 1e883f5e0b8c4..b356751426768 100644 --- a/util/argo/argo_test.go +++ b/util/argo/argo_test.go 
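Review bot: `IncludeResource` ORs negated filters together with everything else, so a resource is selected as soon as it fails to match any single `!` filter. With `!apps:ReplicaSet:backend` plus `!*:Service:*`, a Service does not match the first filter, its negation is true, and the function returns true in either filter order. One `!` filter next to an include filter likewise selects nearly every resource. Because this list scopes what a sync or wait touches, a resource an operator meant to exclude can still be acted on. The sketch below lets a matching exclusion win and keeps `false` for an empty list, but it changes the mixed case that the test table in this commit expects to be `true` (a Job with `!*:Service:*` plus an include filter), so the intended semantics need confirming.

```go
func IncludeResource(resourceName string, resourceNamespace string, gvk schema.GroupVersionKind,
	syncOperationResources []*argoappv1.SyncOperationResource) bool {
	if len(syncOperationResources) == 0 {
		return false
	}
	hasIncludeFilter, included := false, false
	for _, syncOperationResource := range syncOperationResources {
		matches := syncOperationResource.Compare(resourceName, resourceNamespace, gvk)
		if syncOperationResource.Exclude {
			if matches {
				// A matching exclusion always wins over any include filter.
				return false
			}
			continue
		}
		hasIncludeFilter = true
		included = included || matches
	}
	// With only exclusion filters, everything that was not excluded is selected.
	return included || !hasIncludeFilter
}
```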
@@ -83,6 +83,129 @@ func TestGetAppProjectWithNoProjDefined(t *testing.T) { assert.Equal(t, proj.Name, projName) } +func TestIncludeResource(t *testing.T) { + //Resource filters format - GROUP:KIND:NAMESPACE/NAME or GROUP:KIND:NAME + var ( + blankValues = argoappv1.SyncOperationResource{Group: "", Kind: "", Name: "", Namespace: "", Exclude: false} + // *:*:* + includeAllResources = argoappv1.SyncOperationResource{Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: false} + // !*:*:* + excludeAllResources = argoappv1.SyncOperationResource{Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: true} + // *:Service:* + includeAllServiceResources = argoappv1.SyncOperationResource{Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: false} + // !*:Service:* + excludeAllServiceResources = argoappv1.SyncOperationResource{Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: true} + // apps:ReplicaSet:backend + includeReplicaSetResource = argoappv1.SyncOperationResource{Group: "apps", Kind: "ReplicaSet", Name: "backend", Namespace: "", Exclude: false} + // !apps:ReplicaSet:backend + excludeReplicaSetResource = argoappv1.SyncOperationResource{Group: "apps", Kind: "ReplicaSet", Name: "backend", Namespace: "", Exclude: true} + ) + tests := []struct { + testName string + name string + namespace string + gvk schema.GroupVersionKind + syncOperationResource []*argoappv1.SyncOperationResource + expectedResult bool + }{ + //--resource apps:ReplicaSet:backend --resource *:Service:* + {testName: "Include ReplicaSet backend resouce and all service resources", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "apps", Kind: "ReplicaSet"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSetResource}, + expectedResult: true, + }, + //--resource apps:ReplicaSet:backend --resource *:Service:* + {testName: "Include ReplicaSet backend resouce and all service resources", + name: 
"main-page-down", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "batch", Kind: "Job"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSetResource}, + expectedResult: false, + }, + //--resource apps:ReplicaSet:backend --resource !*:Service:* + {testName: "Include ReplicaSet backend resouce and exclude all service resources", + name: "main-page-down", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "batch", Kind: "Job"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSetResource}, + expectedResult: true, + }, + // --resource !apps:ReplicaSet:backend --resource !*:Service:* + {testName: "Exclude ReplicaSet backend resouce and all service resources", + name: "main-page-down", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "batch", Kind: "Job"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&excludeReplicaSetResource, &excludeAllServiceResources}, + expectedResult: true, + }, + // --resource !apps:ReplicaSet:backend + {testName: "Exclude ReplicaSet backend resouce", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "apps", Kind: "ReplicaSet"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&excludeReplicaSetResource}, + expectedResult: false, + }, + // --resource apps:ReplicaSet:backend + {testName: "Include ReplicaSet backend resouce", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "apps", Kind: "ReplicaSet"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&includeReplicaSetResource}, + expectedResult: true, + }, + // --resource !*:Service:* + {testName: "Exclude Service resouces", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "", Kind: "Service"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&excludeAllServiceResources}, + expectedResult: false, + }, + // 
--resource *:Service:* + {testName: "Include Service resouces", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "", Kind: "Service"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&includeAllServiceResources}, + expectedResult: true, + }, + // --resource !*:*:* + {testName: "Exclude all resouces", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "", Kind: "Service"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&excludeAllResources}, + expectedResult: false, + }, + // --resource *:*:* + {testName: "Include all resouces", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "", Kind: "Service"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&includeAllResources}, + expectedResult: true, + }, + {testName: "No Filters", + name: "backend", + namespace: "default", + gvk: schema.GroupVersionKind{Group: "", Kind: "Service"}, + syncOperationResource: []*argoappv1.SyncOperationResource{&blankValues}, + expectedResult: false, + }, + {testName: "Default values"}, + } + + for _, test := range tests { + t.Run(test.testName, func(t *testing.T) { + isResourceIncluded := IncludeResource(test.name, test.namespace, test.gvk, test.syncOperationResource) + assert.Equal(t, test.expectedResult, isResourceIncluded) + }) + } +} + func TestContainsSyncResource(t *testing.T) { var ( blankUnstructured unstructured.Unstructured From aca1dfe4fe5a6891416399b2ec6ced344b9bf29b Mon Sep 17 00:00:00 2001 From: Alex Eftimie Date: Fri, 6 Jan 2023 23:39:10 +0100 Subject: [PATCH 239/304] fix: remove other occurrences of externalURLS #11887 (#11889) Signed-off-by: Alex Eftimie Signed-off-by: emirot --- .../applications-list/applications-tiles.tsx | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) 
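Review bot: No case in `TestIncludeResource` with two filters probes a resource that one of the exclusion filters actually matches; the `!apps:ReplicaSet:backend` plus `!*:Service:*` entry only checks a `batch`/`Job`. A case that probes a Service against both exclusions pins the result a user would expect. With `IncludeResource` as added in this commit it would return `true`, because the Service does not match the ReplicaSet filter. The first two entries also share one `testName`, which makes a failing subtest harder to identify, and `resouce` is misspelled throughout the names.

```go
	// … unchanged: existing table entries …
	// --resource !apps:ReplicaSet:backend --resource !*:Service:*
	{testName: "Exclude ReplicaSet backend resource and all service resources, Service probe",
		name:                  "backend",
		namespace:             "default",
		gvk:                   schema.GroupVersionKind{Group: "", Kind: "Service"},
		syncOperationResource: []*argoappv1.SyncOperationResource{&excludeReplicaSetResource, &excludeAllServiceResources},
		expectedResult:        false,
	},
```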
diff --git a/ui/src/app/applications/components/applications-list/applications-tiles.tsx b/ui/src/app/applications/components/applications-list/applications-tiles.tsx index cf54bf38fc862..c07f3b156b133 100644 --- a/ui/src/app/applications/components/applications-list/applications-tiles.tsx +++ b/ui/src/app/applications/components/applications-list/applications-tiles.tsx @@ -128,12 +128,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat }>
    -
    0 - ? 'columns small-10' - : 'columns small-11' - }> +
    0 ? 'columns small-10' : 'columns small-11'}> @@ -141,14 +136,9 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat
    -
    0 - ? 'columns small-2' - : 'columns small-1' - }> +
    0 ? 'columns small-2' : 'columns small-1'}>
    - + )}
    @@ -65,6 +66,7 @@ export const ApplicationStatusPanel = ({application, showOperation, showConditio const warnings = cntByCategory.get('warning'); const errors = cntByCategory.get('error'); const source = getAppDefaultSource(application); + const hasMultipleSources = application.spec.sources && application.spec.sources.length > 0; return (
    @@ -83,6 +85,7 @@ export const ApplicationStatusPanel = ({application, showOperation, showConditio title: 'CURRENT SYNC STATUS', helpContent: 'Whether or not the version of your app is up to date with your repo. You may wish to sync your app if it is out-of-sync.' }, + hasMultipleSources, source.chart ? null : () => showMetadataInfo(application.status.sync ? application.status.sync.revision : '') )}
    @@ -115,6 +118,7 @@ export const ApplicationStatusPanel = ({application, showOperation, showConditio daysSinceLastSynchronized + ' days since last sync. Click for the status of that sync.' }, + hasMultipleSources, source.chart ? null : () => showMetadataInfo(appOperationState.syncResult ? appOperationState.syncResult.revision : '') )}
    From e4abffdd19ced952af8d5db2b55188cb212df8b1 Mon Sep 17 00:00:00 2001 From: emirot Date: Fri, 27 Jan 2023 13:01:49 -0800 Subject: [PATCH 304/304] test: add list repo Signed-off-by: emirot --- server/repository/repository_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go index dea5d1a30c885..bba3eb2a35dde 100644 --- a/server/repository/repository_test.go +++ b/server/repository/repository_test.go @@ -300,8 +300,8 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url).Return(nil, nil) db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&fakeRepo, &fakeRepo}, nil) - appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, settingsMgr) + + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) resp, err := s.ListRepositories(context.TODO(), &repository.RepoQuery{}) assert.NoError(t, err) assert.Equal(t, 2, len(resp.Items))