upgrade to latest dependencies (#80)

bumping knative.dev/serving 6e597fa...e82287d: > e82287d updates features cm to include new allowed securitycontext field (# 13407) > d108ba9 Allow setting seccompProfile to enable using restricted security profile (# 13401) > 388128b Run queue proxy with restricted profile (# 13376) Signed-off-by: Knative Automation <automation@knative.team> Signed-off-by: Knative Automation <automation@knative.team>
knative-extensions · Oct 20, 2022 · c88fed5 · c88fed5
1 parent 5a6160c
commit c88fed5
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	k8s.io/client-go v0.25.2
 	knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
 	knative.dev/pkg v0.0.0-20221011175852-714b7630a836
-	knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+	knative.dev/serving v0.35.0
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -923,8 +923,8 @@ knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f h1:e/08+ofUjGjSYV2Usvb
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f/go.mod h1:GciicKYf4aWE138pT2ZKkZ/E10rd0Kt4ziX52A/HnVY=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836 h1:0N7Zo/O+xeUUebJPm9keBaGclrUoEbljr3J1MsqtaIM=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836/go.mod h1:DMTRDJ5WRxf/DrlOPzohzfhSuJggscLZ8EavOq9O/x8=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73 h1:8Z/YcMlmtXaIoB1Z7eG2Ek/WzN+742byNCHY7ygrVMI=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
+knative.dev/serving v0.35.0 h1:t2hsXoa9+YLb7NkOeL6sPVYCPvpiVuy8YK7hbMVW1NU=
+knative.dev/serving v0.35.0/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@@ -600,12 +600,14 @@ func PodSecurityContextMask(ctx context.Context, in *corev1.PodSecurityContext)
 	out.RunAsNonRoot = in.RunAsNonRoot
 	out.FSGroup = in.FSGroup
 	out.SupplementalGroups = in.SupplementalGroups
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity
 	out.SELinuxOptions = nil
 	out.WindowsOptions = nil
 	out.Sysctls = nil
+	out.FSGroupChangePolicy = nil
 
 	return out
 }
@@ -631,6 +633,9 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev
 	// AllowPrivilegeEscalation when unset can behave the same way as true
 	// We do want the ability for folks to set this value to false
 	out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
+	// SeccompProfile defaults to "unconstrained", but the safe values are
+	// "RuntimeDefault" or "Localhost" (with localhost path set)
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity

diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -802,7 +802,7 @@ knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
 knative.dev/pkg/websocket
-# knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+# knative.dev/serving v0.35.0
 ## explicit; go 1.18
 knative.dev/serving/pkg/activator
 knative.dev/serving/pkg/apis/autoscaling