Merge branch 'master' into davjlee/refactor/ready-tracker-flag

.github/workflows/benchmark.yaml

@@ -17,7 +17,7 @@ jobs:
  pull-requests: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/check-manifest.yaml

@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 10
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/codeql.yaml

@@ -17,20 +17,20 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 
  - name: Checkout repository
  uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
  - name: Initialize CodeQL
- uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
+ uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac
  with:
  languages: go
 
  - name: Autobuild
- uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
+ uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
+ uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac

.github/workflows/dapr-pubsub.yaml

@@ -20,7 +20,7 @@ jobs:
  DAPR_VERSION: ["1.12"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/license-lint.yaml

@@ -25,7 +25,7 @@ jobs:
  contents: read
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/lint.yaml

@@ -33,7 +33,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/patch-docs.yaml

@@ -13,7 +13,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/pre-release.yaml

@@ -19,7 +19,7 @@ jobs:
  timeout-minutes: 30
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/release-pr.yaml

@@ -18,7 +18,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/release.yaml

@@ -27,7 +27,7 @@ jobs:
  docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base"
 
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/scan-vulns.yaml

@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 15
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
  timeout-minutes: 15
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/scorecards.yml

@@ -31,7 +31,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 
@@ -71,6 +71,6 @@ jobs:
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+ uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
  with:
  sarif_file: results.sarif

.github/workflows/test-gator.yaml

@@ -36,7 +36,7 @@ jobs:
  KUBERNETES_VERSION: ["1.26.3", "1.27.1", "1.28.0", "1.29.0"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/unit-test.yaml

@@ -32,7 +32,7 @@ jobs:
  timeout-minutes: 20
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/upgrade.yaml

@@ -26,7 +26,7 @@ jobs:
  HELM_VERSION: ["3.14.1"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/website.yaml

@@ -25,7 +25,7 @@ jobs:
  working-directory: website
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

.github/workflows/workflow.yaml

@@ -36,7 +36,7 @@ jobs:
  KUBERNETES_VERSION: ["1.26.3", "1.27.1", "1.28.0", "1.29.0"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 
@@ -98,7 +98,7 @@ jobs:
  GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"]
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 
@@ -164,7 +164,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
  with:
  egress-policy: audit
 

crd.Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.30.2 as builder
+FROM --platform=$TARGETPLATFORM registry.k8s.io/kubectl:v1.30.3 as builder
 
 ARG TARGETPLATFORM
 ARG TARGETOS

go.mod

@@ -3,7 +3,7 @@ module github.com/open-policy-agent/gatekeeper/v3
 go 1.21
 
 require (
- cloud.google.com/go/trace v1.10.7
+ cloud.google.com/go/trace v1.10.11
  github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.44.0
  github.com/dapr/go-sdk v1.8.0
  github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
@@ -30,18 +30,18 @@ require (
  go.opentelemetry.io/otel/sdk/metric v1.19.0
  go.uber.org/automaxprocs v1.5.3
  go.uber.org/zap v1.26.0
- golang.org/x/net v0.26.0
- golang.org/x/oauth2 v0.19.0
+ golang.org/x/net v0.27.0
+ golang.org/x/oauth2 v0.21.0
  golang.org/x/sync v0.7.0
  golang.org/x/time v0.5.0
- google.golang.org/grpc v1.63.3
+ google.golang.org/grpc v1.64.1
  google.golang.org/protobuf v1.34.2
  gopkg.in/yaml.v2 v2.4.0
  gopkg.in/yaml.v3 v3.0.1
- k8s.io/api v0.29.6
- k8s.io/apiextensions-apiserver v0.29.6
- k8s.io/apimachinery v0.29.6
- k8s.io/client-go v0.29.6
+ k8s.io/api v0.29.7
+ k8s.io/apiextensions-apiserver v0.29.7
+ k8s.io/apimachinery v0.29.7
+ k8s.io/client-go v0.29.7
  k8s.io/klog/v2 v2.110.1
  k8s.io/utils v0.0.0-20230726121419-3b25d923346b
  oras.land/oras-go v1.2.5
@@ -51,10 +51,10 @@ require (
 )
 
 require (
- cloud.google.com/go/auth v0.3.0 // indirect
- cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
- cloud.google.com/go/compute/metadata v0.3.0 // indirect
- cloud.google.com/go/monitoring v1.18.1 // indirect
+ cloud.google.com/go/auth v0.7.2 // indirect
+ cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
+ cloud.google.com/go/compute/metadata v0.5.0 // indirect
+ cloud.google.com/go/monitoring v1.20.1 // indirect
  github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
  github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.20.0 // indirect
  github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.44.0 // indirect
@@ -98,7 +98,7 @@ require (
  github.com/google/gofuzz v1.2.0 // indirect
  github.com/google/s2a-go v0.1.7 // indirect
  github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
- github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+ github.com/googleapis/gax-go/v2 v2.13.0 // indirect
  github.com/gorilla/mux v1.8.1 // indirect
  github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
  github.com/imdario/mergo v0.3.13 // indirect
@@ -137,19 +137,19 @@ require (
  go.opentelemetry.io/proto/otlp v1.0.0 // indirect
  go.uber.org/atomic v1.11.0 // indirect
  go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.24.0 // indirect
+ golang.org/x/crypto v0.25.0 // indirect
  golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
- golang.org/x/sys v0.21.0 // indirect
- golang.org/x/term v0.21.0 // indirect
+ golang.org/x/sys v0.22.0 // indirect
+ golang.org/x/term v0.22.0 // indirect
  golang.org/x/text v0.16.0 // indirect
  gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/api v0.177.0 // indirect
- google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
+ google.golang.org/api v0.189.0 // indirect
+ google.golang.org/genproto v0.0.0-20240722135656-d784300faade // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240722135656-d784300faade // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade // indirect
  gopkg.in/inf.v0 v0.9.1 // indirect
- k8s.io/apiserver v0.29.6 // indirect
- k8s.io/component-base v0.29.6 // indirect
+ k8s.io/apiserver v0.29.7 // indirect
+ k8s.io/component-base v0.29.7 // indirect
  k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
  sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
  sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect