diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8fc850e0dd14a..84534d518f26b 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.22' + GOLANG_VERSION: '1.21' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -43,8 +43,6 @@ jobs: frontend: - 'ui/**' - Dockerfile - docs: - - 'docs/**' check-go: name: Ensure Go modules synchronicity if: ${{ needs.changes.outputs.backend == 'true' }} @@ -171,12 +169,12 @@ jobs: - name: Run all unit tests run: make test-local - name: Generate code coverage artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: code-coverage path: coverage.out - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: test-results path: test-results/ @@ -240,14 +238,14 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: race-results path: test-results/ codegen: name: Check changes to generated code - if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}} + if: ${{ needs.changes.outputs.backend == 'true' }} runs-on: ubuntu-22.04 needs: - changes @@ -359,11 +357,11 @@ jobs: run: | mkdir -p test-results - name: Get code coverage artifact - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: code-coverage - name: Get test result artifact - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: test-results path: test-results @@ -474,7 +472,7 @@ jobs: run: | docker pull ghcr.io/dexidp/dex:v2.38.0 docker pull argoproj/argo-cd-ci-builder:v1.0.0 - docker pull redis:7.0.15-alpine + docker pull redis:7.0.14-alpine - name: Create target directory for binaries in the build-process run: | mkdir -p dist @@ -502,7 +500,7 @@ jobs: set -x make test-e2e-local - name: Upload e2e-server logs - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: e2e-server-k8s${{ matrix.k3s-version }}.log path: /tmp/e2e-server.log diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 2ba056b0cadfa..5b5a12b346fa1 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -134,7 +134,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 3102e8361aa06..a7174e10de9db 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 9c5ef7b2ab695..0a0430f27f96b 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -64,7 +64,7 @@ jobs: git stash pop - name: Create pull request - uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 61c38548cf6ba..020535d7b8afa 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2 + - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a3ecf2e5478c0..d332c075d0bd0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false @@ -128,7 +128,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" @@ -212,7 +212,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" provenance-name: "argocd-sbom.intoto.jsonl" @@ -295,7 +295,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: Bump version in master title: "chore: Bump version in master" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 4394d7739df22..ec3151949541d 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif diff --git a/.gitignore b/.gitignore index cc5a439491dbb..ab17deb0db139 100644 --- a/.gitignore +++ b/.gitignore @@ -19,7 +19,6 @@ node_modules/ ./test/cmp/*.sock .envrc.remote .*.swp -rerunreport.txt # ignore built binaries cmd/argocd/argocd diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 26341aa1d80c1..c156d37b19081 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -114,7 +114,7 @@ changelog: exclude: - '^test:' - '^.*?Bump(\([[:word:]]+\))?.+$' - - '^.*?[Bot](\([[:word:]]+\))?.+$' + - '^.*?\[Bot\](\([[:word:]]+\))?.+$' # yaml-language-server: $schema=https://goreleaser.com/static/schema.json diff --git a/.readthedocs.yaml b/.readthedocs.yml similarity index 100% rename from .readthedocs.yaml rename to .readthedocs.yml diff --git a/Dockerfile b/Dockerfile index 6ba69702b43e2..5f6a35d99616f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS builder +FROM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/USERS.md b/USERS.md index 202d91243368e..9d409af2e8114 100644 --- a/USERS.md +++ b/USERS.md @@ -18,7 +18,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Albert Heijn](https://ah.nl/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) -1. [AlphaSense](https://www.alpha-sense.com/) 1. [Amadeus IT Group](https://amadeus.com/) 1. [Ambassador Labs](https://www.getambassador.io/) 1. [Ancestry](https://www.ancestry.com/) @@ -36,7 +35,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform) 1. [Beat](https://thebeat.co/en/) 1. [Beez Innovation Labs](https://www.beezlabs.com/) -1. [Bedag Informatik AG](https://www.bedag.ch/) 1. [Beleza Na Web](https://www.belezanaweb.com.br/) 1. [BigPanda](https://bigpanda.io) 1. [BioBox Analytics](https://biobox.io) @@ -60,7 +58,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) 1. [Cloud Scale](https://cloudscaleinc.com/) -1. [CloudGeometry](https://www.cloudgeometry.io/) 1. [Cloudmate](https://cloudmt.co.kr/) 1. [Cloudogu](https://cloudogu.com/) 1. [Cobalt](https://www.cobalt.io/) @@ -135,7 +132,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [IABAI](https://www.iab.ai) 1. [IBM](https://www.ibm.com/) 1. [Ibotta](https://home.ibotta.com) -1. [IFS](https://www.ifs.com) 1. [IITS-Consulting](https://iits-consulting.de) 1. [IllumiDesk](https://www.illumidesk.com) 1. [imaware](https://imaware.health) @@ -183,7 +179,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Meilleurs Agents](https://www.meilleursagents.com/) 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Mercedes-Benz.io](https://www.mercedes-benz.io/) -1. [Metacore Games](https://metacoregames.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) 1. [Mirantis](https://mirantis.com/) @@ -204,7 +199,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) -1. [Octopus Deploy](https://octopus.com) 1. [Olfeo](https://www.olfeo.com/) 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) @@ -231,7 +225,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Percona](https://percona.com/) 1. [PGS](https://www.pgs.com) 1. [Pigment](https://www.gopigment.com/) -1. [Pipedrive](https://www.pipedrive.com/) 1. [Pipefy](https://www.pipefy.com/) 1. [Pismo](https://pismo.io/) 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/) @@ -251,6 +244,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Quipper](https://www.quipper.com/) 1. [RapidAPI](https://www.rapidapi.com/) 1. [rebuy](https://www.rebuy.de/) +1. [Recreation.gov](https://www.recreation.gov/) 1. [Red Hat](https://www.redhat.com/) 1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [Reenigne Cloud](https://reenigne.ca) @@ -261,7 +255,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Riskified](https://www.riskified.com/) 1. [Robotinfra](https://www.robotinfra.com) 1. [Rocket.Chat](https://rocket.chat) -1. [Rogo](https://rogodata.com) 1. [Rubin Observatory](https://www.lsst.org) 1. [Saildrone](https://www.saildrone.com/) 1. [Salad Technologies](https://salad.com/) diff --git a/VERSION b/VERSION index 46b81d815a23b..9e5bb77a3ba1a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.11.0 +2.11.2 diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 10e2ea35573af..dd65d51055162 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -111,19 +111,15 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Do not attempt to further reconcile the ApplicationSet if it is being deleted. if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil { - appsetName := applicationSetInfo.ObjectMeta.Name - logCtx.Debugf("DeletionTimestamp is set on %s", appsetName) deleteAllowed := utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() if !deleteAllowed { - logCtx.Debugf("ApplicationSet policy does not allow to delete") if err := r.removeOwnerReferencesOnDeleteAppSet(ctx, applicationSetInfo); err != nil { return ctrl.Result{}, err } - logCtx.Debugf("ownerReferences referring %s is deleted from generated applications", appsetName) - } - controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) - if err := r.Update(ctx, &applicationSetInfo); err != nil { - return ctrl.Result{}, err + controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) + if err := r.Update(ctx, &applicationSetInfo); err != nil { + return ctrl.Result{}, err + } } return ctrl.Result{}, nil } @@ -172,16 +168,6 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil } - currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } - - err = r.updateResourcesStatus(ctx, logCtx, &applicationSetInfo, currentApplications) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get update resources status for application set: %w", err) - } - // appMap is a name->app collection of Applications in this ApplicationSet. appMap := map[string]argov1alpha1.Application{} // appSyncMap tracks which apps will be synced during this reconciliation. @@ -198,11 +184,16 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } else if applicationSetInfo.Spec.Strategy != nil { // appset uses progressive sync - for _, app := range currentApplications { + applications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } + + for _, app := range applications { appMap[app.Name] = app } - appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap) + appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, applications, desiredApplications, appMap) if err != nil { return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) } @@ -1374,86 +1365,6 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica return -1 } -func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error { - statusMap := getResourceStatusMap(appset) - statusMap = buildResourceStatus(statusMap, apps) - - statuses := []argov1alpha1.ResourceStatus{} - for _, status := range statusMap { - statuses = append(statuses, status) - } - appset.Status.Resources = statuses - - namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} - err := r.Client.Status().Update(ctx, appset) - if err != nil { - - logCtx.Errorf("unable to set application set status: %v", err) - return fmt.Errorf("unable to set application set status: %v", err) - } - - if err := r.Get(ctx, namespacedName, appset); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %v", err) - } - - return nil -} - -func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { - appMap := map[string]argov1alpha1.Application{} - for _, app := range apps { - appCopy := app - appMap[app.Name] = app - - gvk := app.GroupVersionKind() - // Create status if it does not exist - status, ok := statusMap[app.Name] - if !ok { - status = argov1alpha1.ResourceStatus{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - Name: app.Name, - Namespace: app.Namespace, - Status: app.Status.Sync.Status, - Health: &appCopy.Status.Health, - } - } - - status.Group = gvk.Group - status.Version = gvk.Version - status.Kind = gvk.Kind - status.Name = app.Name - status.Namespace = app.Namespace - status.Status = app.Status.Sync.Status - status.Health = &appCopy.Status.Health - - statusMap[app.Name] = status - } - cleanupDeletedApplicationStatuses(statusMap, appMap) - - return statusMap -} - -func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { - statusMap := map[string]argov1alpha1.ResourceStatus{} - for _, status := range appset.Status.Resources { - statusMap[status.Name] = status - } - return statusMap -} - -func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { - for name := range statusMap { - if _, ok := apps[name]; !ok { - delete(statusMap, name) - } - } -} - // setApplicationSetApplicationStatus updates the ApplicatonSet's status field // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 790682d98eead..ac1a17447ccea 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -6132,219 +6132,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { } } -func TestUpdateResourceStatus(t *testing.T) { - - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - assert.Nil(t, err) - - err = v1alpha1.AddToScheme(scheme) - assert.Nil(t, err) - - for _, cc := range []struct { - name string - appSet v1alpha1.ApplicationSet - apps []v1alpha1.Application - expectedResources []v1alpha1.ResourceStatus - }{ - { - name: "handles an empty application list", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{}, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - { - name: "adds status if no existing statuses", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{}, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "handles an applicationset with existing and up-to-date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "updates an applicationset with existing and out of date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeOutOfSync, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusProgressing, - Message: "Progressing", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "deletes an applicationset status if the application no longer exists", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - } { - - t.Run(cc.name, func(t *testing.T) { - - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() - - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Cache: &fakeCache{}, - Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, - } - - err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) - - assert.Equal(t, err, nil, "expected no errors, but errors occured") - assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") - }) - } -} - func TestOwnsHandler(t *testing.T) { // progressive syncs do not affect create, delete, or generic ownsHandler := getOwnsHandlerPredicates(true) diff --git a/assets/swagger.json b/assets/swagger.json index edb8da0350657..8a412bc58492f 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -2030,43 +2030,6 @@ } } }, - "/api/v1/applicationsets/{name}/resource-tree": { - "get": { - "tags": [ - "ApplicationSetService" - ], - "summary": "ResourceTree returns resource tree", - "operationId": "ApplicationSetService_ResourceTree", - "parameters": [ - { - "type": "string", - "name": "name", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "The application set namespace. Default empty is argocd control plane namespace.", - "name": "appsetNamespace", - "in": "query" - } - ], - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/v1alpha1ApplicationSetTree" - } - }, - "default": { - "description": "An unexpected error response.", - "schema": { - "$ref": "#/definitions/runtimeError" - } - } - } - } - }, "/api/v1/certificates": { "get": { "tags": [ @@ -6238,13 +6201,6 @@ "items": { "$ref": "#/definitions/v1alpha1ApplicationSetCondition" } - }, - "resources": { - "description": "Resources is a list of Applications resources managed by this application set.", - "type": "array", - "items": { - "$ref": "#/definitions/v1alpha1ResourceStatus" - } } } }, @@ -6316,19 +6272,6 @@ } } }, - "v1alpha1ApplicationSetTree": { - "type": "object", - "title": "ApplicationSetTree holds nodes which belongs to the application\nUsed to build a tree of an ApplicationSet and its children", - "properties": { - "nodes": { - "type": "array", - "title": "Nodes contains list of nodes which are directly managed by the applicationset", - "items": { - "$ref": "#/definitions/v1alpha1ResourceNode" - } - } - } - }, "v1alpha1ApplicationSource": { "type": "object", "title": "ApplicationSource contains all required information about the source of an application", diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index 01a07e3021fc9..9c56b066d552c 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -66,6 +66,7 @@ $ argocd admin initial-password reset command.AddCommand(NewDashboardCommand(clientOpts)) command.AddCommand(NewNotificationsCommand()) command.AddCommand(NewInitialPasswordCommand()) + command.AddCommand(NewRedisInitialPasswordCommand()) command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go new file mode 100644 index 0000000000000..8fa1e70ad890e --- /dev/null +++ b/cmd/argocd/commands/admin/redis_initial_password.go @@ -0,0 +1,98 @@ +package admin + +import ( + "context" + "crypto/rand" + "fmt" + "math/big" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/cli" + apierr "k8s.io/apimachinery/pkg/api/errors" + + "github.com/argoproj/argo-cd/v2/util/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + + "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" +) + +const defaulRedisInitialPasswordSecretName = "argocd-redis" +const defaultResisInitialPasswordKey = "auth" + +func generateRandomPassword() (string, error) { + const initialPasswordLength = 16 + const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-" + randBytes := make([]byte, initialPasswordLength) + for i := 0; i < initialPasswordLength; i++ { + num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) + if err != nil { + return "", err + } + randBytes[i] = letters[num.Int64()] + } + initialPassword := string(randBytes) + return initialPassword, nil +} + +// NewRedisInitialPasswordCommand defines a new command to ensure Argo CD Redis password secret exists. +func NewRedisInitialPasswordCommand() *cobra.Command { + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ + Use: "redis-initial-password", + Short: "Ensure the Redis password exists, creating a new one if necessary.", + Run: func(c *cobra.Command, args []string) { + namespace, _, err := clientConfig.Namespace() + errors.CheckError(err) + + redisInitialPasswordSecretName := defaulRedisInitialPasswordSecretName + redisInitialPasswordKey := defaultResisInitialPasswordKey + fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey) + + config, err := clientConfig.ClientConfig() + errors.CheckError(err) + errors.CheckError(v1alpha1.SetK8SConfigDefaults(config)) + + kubeClientset := kubernetes.NewForConfigOrDie(config) + + randomPassword, err := generateRandomPassword() + errors.CheckError(err) + + data := map[string][]byte{ + redisInitialPasswordKey: []byte(randomPassword), + } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: redisInitialPasswordSecretName, + Namespace: namespace, + }, + Data: data, + Type: corev1.SecretTypeOpaque, + } + _, err = kubeClientset.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}) + if err != nil && !apierr.IsAlreadyExists(err) { + errors.CheckError(err) + } + + fmt.Println("Argo CD Redis secret state confirmed: secret name argocd-redis.") + secret, err = kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), redisInitialPasswordSecretName, v1.GetOptions{}) + errors.CheckError(err) + + if _, ok := secret.Data[redisInitialPasswordKey]; ok { + fmt.Println("Password secret is configured properly.") + } else { + err := fmt.Errorf("key %s doesn't exist in secret %s. \n", redisInitialPasswordKey, redisInitialPasswordSecretName) + errors.CheckError(err) + } + }, + } + + clientConfig = cli.AddKubectlFlagsToCmd(&command) + + return &command +} diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 1d7ed56668423..9fe2ccc9c8ba5 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -51,7 +51,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/grpc" argoio "github.com/argoproj/argo-cd/v2/util/io" - logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/manifeststream" "github.com/argoproj/argo-cd/v2/util/templates" "github.com/argoproj/argo-cd/v2/util/text/label" @@ -1313,7 +1312,6 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts). WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod). WithNoCache(). - WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())). Build() errors.CheckError(err) diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig) diff --git a/cmd/argocd/commands/root.go b/cmd/argocd/commands/root.go index 1ad9f4e798ddc..5c3b984e5bff5 100644 --- a/cmd/argocd/commands/root.go +++ b/cmd/argocd/commands/root.go @@ -75,11 +75,11 @@ func NewCommand() *cobra.Command { command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.") command.PersistentFlags().StringVar(&cmdutil.LogFormat, "logformat", config.GetFlag("logformat", "text"), "Set the logging format. One of: text|json") command.PersistentFlags().StringVar(&cmdutil.LogLevel, "loglevel", config.GetFlag("loglevel", "info"), "Set the logging level. One of: debug|info|warn|error") - command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", config.GetStringSliceFlag("header", []string{}), "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") + command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", []string{}, "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") command.PersistentFlags().BoolVar(&clientOpts.PortForward, "port-forward", config.GetBoolFlag("port-forward"), "Connect to a random argocd-server port using port forwarding") command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding") - command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", config.GetIntFlag("http-retry-max", 0), "Maximum number of retries to establish http connection to Argo CD server") - command.PersistentFlags().BoolVar(&clientOpts.Core, "core", config.GetBoolFlag("core"), "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") + command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", 0, "Maximum number of retries to establish http connection to Argo CD server") + command.PersistentFlags().BoolVar(&clientOpts.Core, "core", false, "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") command.PersistentFlags().StringVar(&clientOpts.ServerName, "server-name", env.StringFromEnv(common.EnvServerName, common.DefaultServerName), fmt.Sprintf("Name of the Argo CD API server; set this or the %s environment variable when the server's name label differs from the default, for example when installing via the Helm chart", common.EnvServerName)) command.PersistentFlags().StringVar(&clientOpts.AppControllerName, "controller-name", env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName), fmt.Sprintf("Name of the Argo CD Application controller; set this or the %s environment variable when the controller's name label differs from the default, for example when installing via the Helm chart", common.EnvAppControllerName)) command.PersistentFlags().StringVar(&clientOpts.RedisHaProxyName, "redis-haproxy-name", env.StringFromEnv(common.EnvRedisHaProxyName, common.DefaultRedisHaProxyName), fmt.Sprintf("Name of the Redis HA Proxy; set this or the %s environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart", common.EnvRedisHaProxyName)) diff --git a/cmpserver/apiclient/clientset.go b/cmpserver/apiclient/clientset.go index e624474f2d34b..025625ff8092e 100644 --- a/cmpserver/apiclient/clientset.go +++ b/cmpserver/apiclient/clientset.go @@ -2,9 +2,6 @@ package apiclient import ( "context" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - "math" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -17,9 +14,9 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -var ( +const ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = 100 * 1024 * 1024 ) // Clientset represents config management plugin server api clients diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index 20480f247d0e4..b253dc414cbdc 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -369,7 +369,7 @@ func TestRunCommandEmptyCommand(t *testing.T) { assert.ErrorContains(t, err, "Command is empty") } -// TestRunCommandContextTimeoutWithCleanup makes sure that the process is given enough time to cleanup before sending SIGKILL. +// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL. func TestRunCommandContextTimeoutWithCleanup(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond) defer cancel() diff --git a/cmpserver/server.go b/cmpserver/server.go index 1d07e531394d3..13abb1c02aed0 100644 --- a/cmpserver/server.go +++ b/cmpserver/server.go @@ -46,13 +46,13 @@ func NewServer(initConstants plugin.CMPServerInitConstants) (*ArgoCDCMPServer, e serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/common/common.go b/common/common.go index b825ccddef91f..f4b176946bcbd 100644 --- a/common/common.go +++ b/common/common.go @@ -273,8 +273,6 @@ const ( // EnvServerSideDiff defines the env var used to enable ServerSide Diff feature. // If defined, value must be "true" or "false". EnvServerSideDiff = "ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF" - // EnvGRPCMaxSizeMB is the environment variable to look for a max GRPC message size - EnvGRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) // Config Management Plugin related constants diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 13a05c003e660..b2c884f8be614 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -1923,7 +1923,15 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } else { ctrl.writeBackToInformer(updatedApp) } - message := fmt.Sprintf("Initiated automated sync to '%s'", desiredCommitSHA) + + var target string + if updatedApp.Spec.HasMultipleSources() { + target = strings.Join(desiredCommitSHAsMS, ", ") + } else { + target = desiredCommitSHA + } + message := fmt.Sprintf("Initiated automated sync to '%s'", target) + ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, "") logCtx.Info(message) return nil, setOpTime diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 20879ae4f920a..ddfe2b17fdc31 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -290,7 +290,8 @@ func isRootAppNode(r *clustercache.Resource) bool { } func getApp(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource) string { - return getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + name, _ := getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + return name } func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { @@ -301,27 +302,31 @@ func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { return gv } -func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) string { +func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) (string, bool) { if !visited[r.ResourceKey()] { visited[r.ResourceKey()] = true } else { log.Warnf("Circular dependency detected: %v.", visited) - return resInfo(r).AppName + return resInfo(r).AppName, false } if resInfo(r).AppName != "" { - return resInfo(r).AppName + return resInfo(r).AppName, true } for _, ownerRef := range r.OwnerRefs { gv := ownerRefGV(ownerRef) if parent, ok := ns[kube.NewResourceKey(gv.Group, ownerRef.Kind, r.Ref.Namespace, ownerRef.Name)]; ok { - app := getAppRecursive(parent, ns, visited) - if app != "" { - return app + visited_branch := make(map[kube.ResourceKey]bool, len(visited)) + for k, v := range visited { + visited_branch[k] = v + } + app, ok := getAppRecursive(parent, ns, visited_branch) + if app != "" || !ok { + return app, ok } } } - return "" + return "", true } var ( diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 53a03ca81995e..584f311f2ee30 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/cache/mocks" "github.com/argoproj/gitops-engine/pkg/health" + "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/mock" "k8s.io/client-go/kubernetes/fake" @@ -319,6 +320,216 @@ func Test_asResourceNode_owner_refs(t *testing.T) { assert.Equal(t, expected, resNode) } +func Test_getAppRecursive(t *testing.T) { + for _, tt := range []struct { + name string + r *cache.Resource + ns map[kube.ResourceKey]*cache.Resource + wantName string + wantOK assert.BoolAssertionFunc + }{ + { + name: "ok: cm1->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "ok: cm1->cm2->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cm1->cm2->app1 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + // Nothing cycle. + // Issue #11699, fixed #12667. + name: "ok: cm1->cm2 & cm1->cm3->cm2 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cycle: cm1<->cm2", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + { + name: "cycle: cm1->cm2->cm3->cm1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm3"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + } { + t.Run(tt.name, func(t *testing.T) { + visited := map[kube.ResourceKey]bool{} + got, ok := getAppRecursive(tt.r, tt.ns, visited) + assert.Equal(t, tt.wantName, got) + tt.wantOK(t, ok) + }) + } +} + func TestSkipResourceUpdate(t *testing.T) { var ( hash1_x string = "x" diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index b195c3bff8870..94405b51eac75 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -113,7 +113,7 @@ var ( reconcileHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "argocd_app_reconcile", - Help: "Application reconciliation performance in seconds.", + Help: "Application reconciliation performance.", // Buckets chosen after observing a ~2100ms mean reconcile time Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16}, }, diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 81e724e9274f3..23628c38347a5 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -374,7 +374,7 @@ func assertMetricsPrinted(t *testing.T, expectedLines, body string) { } } -// assertMetricsNotPrinted +// assertMetricNotPrinted func assertMetricsNotPrinted(t *testing.T, expectedLines, body string) { for _, line := range strings.Split(expectedLines, "\n") { if line == "" { @@ -391,7 +391,7 @@ func TestReconcileMetrics(t *testing.T) { assert.NoError(t, err) appReconcileMetrics := ` -# HELP argocd_app_reconcile Application reconciliation performance in seconds. +# HELP argocd_app_reconcile Application reconciliation performance. # TYPE argocd_app_reconcile histogram argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.25"} 0 argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.5"} 0 diff --git a/docs/assets/argocd_architecture.png b/docs/assets/argocd_architecture.png index 84fe437a9ace9..3de4dd9f93d4e 100644 Binary files a/docs/assets/argocd_architecture.png and b/docs/assets/argocd_architecture.png differ diff --git a/docs/faq.md b/docs/faq.md index 83bdf8d7d38b5..5ce6ca134ff1b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -268,3 +268,45 @@ The most common instance of this error is with `env:` fields for `containers`. !!! note "Dynamic applications" It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting. + +## How to rotate Redis secret? +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. +```bash +kubectl delete secret argocd-redis -n +``` +* If you are running Redis in HA mode, restart Redis in HA. +```bash +kubectl rollout restart deployment argocd-redis-ha-haproxy +kubectl rollout restart statefulset argocd-redis-ha-server +``` +* If you are running Redis in non-HA mode, restart Redis. +```bash +kubectl rollout restart deployment argocd-redis +``` +* Restart other components. +```bash +kubectl rollout restart deployment argocd-server argocd-repo-server +kubectl rollout restart statefulset argocd-application-controller +``` + +## How to turn off Redis auth if users really want to? + +Argo CD default installation is now configured automatically enable Redis authentication. +If for some reason authenticated Redis does not work for you and you want to use non-authenticated Redis, here are the steps: + +* You need to have your own Redis installation. +* Configure Argo CD to use your own Redis instance. See this [doc](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cmd-params-cm-yaml/) for the Argo CD configuration. +* If you already installed Redis shipped with Argo CD, you also need to clean up the existing components: + * When HA Redis is used: + * kubectl delete deployment argocd-redis-ha-haproxy + * kubectl delete statefulset argocd-redis-ha-server + * When non-HA Redis is used: + * kubectl delete deployment argocd-redis +* Remove environment variable `REDIS_PASSWORD` from the following manifests + * Deployment: argocd-repo-server: + * Deployment: argocd-server + * StatefulSet: argocd-application-controller + +## How do I provide my own Redis credentials? +The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +You can config your secret provider to generate Kubernetes secret accordingly. \ No newline at end of file diff --git a/docs/getting_started.md b/docs/getting_started.md index 2058464265d14..4afe4add47267 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -40,6 +40,9 @@ Do one of: Use `argocd login --core` to [configure](./user-guide/commands/argocd_login.md) CLI access and skip steps 3-5. +!!! note + This default installation for Redis is using password authentication. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. + ## 2. Download Argo CD CLI Download the latest Argo CD version from [https://github.com/argoproj/argo-cd/releases/latest](https://github.com/argoproj/argo-cd/releases/latest). More detailed installation instructions can be found via the [CLI installation documentation](cli_installation.md). @@ -214,12 +217,6 @@ events, and assessed health status. ### Syncing via UI -On the Applications page, click on *Sync* button of the guestbook application: - ![guestbook app](assets/guestbook-app.png) - -A panel will be opened and then, click on *Synchronize* button. - -You can see more details by clicking at the guestbook application: - ![view app](assets/guestbook-tree.png) + diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index ae65fa3462e5b..d72cee60ad401 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -32,19 +32,16 @@ spec: ``` -- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. -- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. +- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). +- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). - Policy `create-delete`: Prevents ApplicationSet controller from modifying Applications. Delete is allowed. - Policy `sync`: Update and Delete are allowed. If the controller parameter `--policy` is set, it takes precedence on the field `applicationsSync`. It is possible to allow per ApplicationSet sync policy by setting variable `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE` to argocd-cmd-params-cm `applicationsetcontroller.enable.policy.override` or directly with controller parameter `--enable-policy-override` (default to `false`). -### Policy - `create-only`: Prevent ApplicationSet controller from modifying and deleting Applications - -To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as *deletion*, or modification of Application fields, add this parameter in the ApplicationSet controller: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) +### Controller parameter +To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as deletion, or modification of Application fields, add this parameter in the ApplicationSet controller: ``` --policy create-only ``` @@ -60,12 +57,9 @@ spec: applicationsSync: create-only ``` -### Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications +## Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications To allow the ApplicationSet controller to create or modify `Application` resources, but prevent Applications from being deleted, add the following parameter to the ApplicationSet controller `Deployment`: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) - ``` --policy create-update ``` @@ -83,22 +77,6 @@ spec: applicationsSync: create-update ``` -### How to prevent Application controller from deleting Applications when deleting ApplicationSet - -By default, `create-only` and `create-update` policy isn't effective against preventing deletion of Applications when deleting ApplicationSet. -You must set the finalizer to ApplicationSet to prevent deletion in such case, and use background cascading deletion. -If you use foreground cascading deletion, there's no guarantee to preserve applications. - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - # (...) -``` - ## Ignore certain changes to Applications The ApplicationSet spec includes an `ignoreApplicationDifferences` field, which allows you to specify which fields of diff --git a/docs/operator-manual/applicationset/Generators-Cluster.md b/docs/operator-manual/applicationset/Generators-Cluster.md index 3cdc5a3dade62..aa18983fe3d54 100644 --- a/docs/operator-manual/applicationset/Generators-Cluster.md +++ b/docs/operator-manual/applicationset/Generators-Cluster.md @@ -75,7 +75,7 @@ spec: - clusters: selector: matchLabels: - staging: "true" + staging: true # The cluster generator also supports matchExpressions. #matchExpressions: # - key: staging diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index cd9b4301bf50e..e5696f37b9745 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -61,7 +61,7 @@ The List generator can also dynamically generate its elements based on a yaml/js apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - name: elements-yaml + name: elementsYaml namespace: argocd spec: goTemplate: true diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index 13e7bcdb01f36..d0888b9949b8e 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -77,12 +77,10 @@ metadata: data: token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." - requestTimeout: "60" ``` - `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) - `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. -- `requestTimeout`: Timeout of the request to the plugin in seconds (default: 30) ### Store credentials diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 6a5ab8ba56772..c166a1d25d75d 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -75,9 +75,4 @@ An example `argocd-cm.yaml` file with deep links and their variations : - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} title: Splunk if: resource.kind == "Pod" || resource.kind == "Deployment" - - # sample checking a tag exists that contains - or / and how to alternatively access it - - url: https://mycompany.splunk.com?tag={{ index .resource.metadata.labels "some.specific.kubernetes.like/tag" }} - title: Tag Service - if: resource.metadata.labels["some.specific.kubernetes.like/tag"] != nil && resource.metadata.labels["some.specific.kubernetes.like/tag"] != "" ``` diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index e958d1a7634ac..8566d6460e6db 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -174,31 +174,6 @@ The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Ce Please note that bundled health checks with wildcards are not supported. -## Overriding Go-Based Health Checks - -Health checks for some resources were [hardcoded as Go code](https://github.com/argoproj/gitops-engine/tree/master/pkg/health) -because Lua support was introduced later. Also, the logic of health checks for some resources were too complex, so it -was easier to implement it in Go. - -It is possible to override health checks for built-in resource. Argo will prefer the configured health check over the -Go-based built-in check. - -The following resources have Go-based health checks: - -* PersistentVolumeClaim -* Pod -* Service -* apiregistration.k8s.io/APIService -* apps/DaemonSet -* apps/Deployment -* apps/ReplicaSet -* apps/StatefulSet -* argoproj.io/Workflow -* autoscaling/HorizontalPodAutoscaler -* batch/Job -* extensions/Ingress -* networking.k8s.io/Ingress - ## Health Checks An Argo CD App's health is inferred from the health of its immediate child resources (the resources represented in diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 75160aba197b4..fd00a5dfe2f3d 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -126,7 +126,7 @@ stringData: **metrics** -* `argocd_app_reconcile` - reports application reconciliation duration in seconds. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. +* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. * `argocd_app_k8s_request_total` - number of k8s requests per application. The number of fallback Kubernetes API queries - useful to identify which application has a resource with non-preferred version and causes performance issues. @@ -187,8 +187,6 @@ The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations. -Similarly, applications referencing an external Helm values file will not get the benefits of this feature when an unrelated change happens in the external source. - For webhooks, the comparison is done using the files specified in the webhook event payload instead. !!! note @@ -248,25 +246,6 @@ spec: # ... ``` -* **Glob paths** The annotation might contain a glob pattern path, which can be any pattern supported by the [Go filepath Match function](https://pkg.go.dev/path/filepath#Match): - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: guestbook - namespace: argocd - annotations: - # resolves to any file matching the pattern of *-secret.yaml in the top level shared folder - argocd.argoproj.io/manifest-generate-paths: "/shared/*-secret.yaml" -spec: - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook -# ... -``` - ### Application Sync Timeout & Jitter Argo CD has a timeout for application syncs. It will trigger a refresh for each application periodically when the timeout expires. diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 584779c5271d0..aad2208c21873 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -350,7 +350,7 @@ the API server -- one for gRPC and the other for HTTP/HTTPS. However it allows T happen at the ingress controller. -## [Traefik (v3.0)](https://docs.traefik.io/) +## [Traefik (v2.2)](https://docs.traefik.io/) Traefik can be used as an edge router and provide [TLS](https://docs.traefik.io/user-guides/grpc/) termination within the same deployment. @@ -360,7 +360,7 @@ The API server should be run with TLS disabled. Edit the `argocd-server` deploym ### IngressRoute CRD ```yaml -apiVersion: traefik.io/v1alpha1 +apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: argocd-server @@ -376,7 +376,7 @@ spec: - name: argocd-server port: 80 - kind: Rule - match: Host(`argocd.example.com`) && Header(`Content-Type`, `application/grpc`) + match: Host(`argocd.example.com`) && Headers(`Content-Type`, `application/grpc`) priority: 11 services: - name: argocd-server diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 5aebb9245c0ae..a3ddbfe9904d3 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -10,7 +10,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | -| `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | +| `argocd_app_reconcile` | histogram | Application reconciliation performance. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | | `argocd_cluster_api_resources` | gauge | Number of monitored Kubernetes API resources. | diff --git a/docs/operator-manual/notifications/grafana-dashboard.json b/docs/operator-manual/notifications/grafana-dashboard.json index 19af42cf39d06..5d04f9116aa16 100644 --- a/docs/operator-manual/notifications/grafana-dashboard.json +++ b/docs/operator-manual/notifications/grafana-dashboard.json @@ -60,7 +60,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (name)", + "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (notifier)", "refId": "A" } ], @@ -146,7 +146,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (service)", + "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (notifier)", "refId": "A" } ], diff --git a/docs/operator-manual/notifications/monitoring.md b/docs/operator-manual/notifications/monitoring.md index 3d8b4c41ea34d..a0aabbaae1f09 100644 --- a/docs/operator-manual/notifications/monitoring.md +++ b/docs/operator-manual/notifications/monitoring.md @@ -13,8 +13,8 @@ The following metrics are available: Number of delivered notifications. Labels: -* `trigger` - trigger name -* `service` - notification service name +* `template` - notification template name +* `notifier` - notification service name * `succeeded` - flag that indicates if notification was successfully sent or failed ### `argocd_notifications_trigger_eval_total` diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 6341482a69cf4..b1d386fb5eb8e 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -211,40 +211,6 @@ data: For more information on `scopes` please review the [User Management Documentation](user-management/index.md). -## Local Users/Accounts - -[Local users](user-management/index.md#local-usersaccounts) are assigned access by either grouping them with a role or by assigning policies directly -to them. - -The example below shows how to assign a policy directly to a local user. - -```yaml -p, my-local-user, applications, sync, my-project/*, allow -``` - -This example shows how to assign a role to a local user. - -```yaml -g, my-local-user, role:admin -``` - -!!!warning "Ambiguous Group Assignments" - If you have [enabled SSO](user-management/index.md#sso), any SSO user with a scope that matches a local user will be - added to the same roles as the local user. For example, if local user `sally` is assigned to `role:admin`, and if an - SSO user has a scope which happens to be named `sally`, that SSO user will also be assigned to `role:admin`. - - An example of where this may be a problem is if your SSO provider is an SCM, and org members are automatically - granted scopes named after the orgs. If a user can create or add themselves to an org in the SCM, they can gain the - permissions of the local user with the same name. - - To avoid ambiguity, if you are using local users and SSO, it is recommended to assign permissions directly to local - users, and not to assign roles to local users. In other words, instead of using `g, my-local-user, role:admin`, you - should explicitly assign permissions to `my-local-user`: - - ```yaml - p, my-local-user, *, *, *, allow - ``` - ## Policy CSV Composition It is possible to provide additional entries in the `argocd-rbac-cm` diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index cb3199bd98c1d..aa224e20ff742 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -19,7 +19,6 @@ Here are some ways people are doing GitOps secrets: * [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer) * [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) * [Vals-Operator](https://github.com/digitalis-io/vals-operator) -* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer) For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364) diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index 189adbbc3370b..0f824f494f2af 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -50,7 +50,7 @@ argocd-repo-server [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --streamed-manifest-max-extracted-size string Maximum size of streamed manifest archives when extracted (default "1G") --streamed-manifest-max-tar-size string Maximum size of streamed manifest archives (default "100M") - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") ``` diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 5b3fd72ebff00..659a19de3d3e1 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -100,7 +100,7 @@ argocd-server [flags] --server string The address and port of the Kubernetes API server --staticassets string Directory path that contains additional static assets (default "/shared/app") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") --token string Bearer token for authentication to the API server diff --git a/docs/operator-manual/tested-kubernetes-versions.md b/docs/operator-manual/tested-kubernetes-versions.md index 897620296a515..a395be421e5fe 100644 --- a/docs/operator-manual/tested-kubernetes-versions.md +++ b/docs/operator-manual/tested-kubernetes-versions.md @@ -1,6 +1,5 @@ | Argo CD version | Kubernetes versions | |-----------------|---------------------| -| 2.7 | v1.26, v1.25, v1.24, v1.23 | -| 2.6 | v1.24, v1.23, v1.22 | -| 2.5 | v1.24, v1.23, v1.22 | - +| 2.11 | v1.29, v1.28, v1.27, v1.26, v1.25 | +| 2.10 | v1.28, v1.27, v1.26, v1.25 | +| 2.9 | v1.28, v1.27, v1.26, v1.25 | diff --git a/docs/operator-manual/upgrading/2.10-2.11.md b/docs/operator-manual/upgrading/2.10-2.11.md index 4cf5c8ed02b0b..ea06a89e6d7d7 100644 --- a/docs/operator-manual/upgrading/2.10-2.11.md +++ b/docs/operator-manual/upgrading/2.10-2.11.md @@ -2,4 +2,57 @@ ## initiatedBy added in Application CRD -In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. \ No newline at end of file +In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.11.2, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.11.2, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.11-2.12.md b/docs/operator-manual/upgrading/2.11-2.12.md deleted file mode 100644 index b85d17cade71e..0000000000000 --- a/docs/operator-manual/upgrading/2.11-2.12.md +++ /dev/null @@ -1,30 +0,0 @@ -# v2.11 to 2.12 - -## Server-Side Apply Management of ApplicationSet Fields - -### Summary - -If you are using server-side apply with multiple field managers to manage a single `selector` or `labelSelector` field -in an ApplicationSet, that field management must be changed to be atomic starting with 2.12. - -### Details - -Argo CD 2.12 upgraded its controller-gen version from 0.4.1 to 0.14.0. As part of that change, several ApplicationSet -CRD fields now have `x-kubernetes-map-type: atomic`. - -Each of the affected fields is a label selector with two child keys: `matchLabels` and `matchExpressions`. - -Prior to this change, two field managers could manage the `matchLabels` and `matchExpressions` fields independently. -Starting with the 2.12 CRD, a single field manager must manage both of those fields. This behavior is in line with the -upstream behavior of the label selector struct. - -See the [Kubernetes server-side apply merge strategy docs](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy) -for more information about the fields' behavior. - -The affected ApplicationSet fields are the following (jq selector syntax): - -* `.spec.generators[].selector` -* `.spec.generators[].cluster.selector` -* `.spec.generators[].clusterDecisionResource.labelSelector` -* `.spec.generators[].matrix.generators[].selector` -* `.spec.generators[].merge.generators[].selector` diff --git a/docs/operator-manual/upgrading/2.8-2.9.md b/docs/operator-manual/upgrading/2.8-2.9.md index ef99e09587814..43b5f80e1e6c9 100644 --- a/docs/operator-manual/upgrading/2.8-2.9.md +++ b/docs/operator-manual/upgrading/2.8-2.9.md @@ -3,3 +3,56 @@ ## Upgraded Kustomize Version Note that bundled Kustomize version has been upgraded from 5.1.0 to 5.2.1. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.9.16, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.9.16, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.9-2.10.md b/docs/operator-manual/upgrading/2.9-2.10.md index 7fddc75ab7e86..7803ce84df237 100644 --- a/docs/operator-manual/upgrading/2.9-2.10.md +++ b/docs/operator-manual/upgrading/2.9-2.10.md @@ -14,3 +14,56 @@ before enabling `managedNamespaceMetadata` on an existing namespace. ## Upgraded Helm Version Note that bundled Helm version has been upgraded from 3.13.2 to 3.14.3. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.10.11, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.10.11, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index b4f1c397b62fb..6990fb05e2463 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -5,7 +5,7 @@ This section contains information on upgrading Argo CD. Before upgrading please make sure to read details about the breaking changes between Argo CD versions. -Argo CD uses semver-like versioning that ensures the following rules: +Argo CD uses the semver versioning and ensures that following rules: * The patch release does not introduce any breaking changes. So if you are upgrading from v1.5.1 to v1.5.3 there should be no special instructions to follow. @@ -37,7 +37,6 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ -* [v2.11 to v2.12](./2.11-2.12.md) * [v2.10 to v2.11](./2.10-2.11.md) * [v2.9 to v2.10](./2.9-2.10.md) * [v2.8 to v2.9](./2.8-2.9.md) diff --git a/docs/proposals/images/current-summary-tab.png b/docs/proposals/images/current-summary-tab.png deleted file mode 100644 index b9934ea592f36..0000000000000 Binary files a/docs/proposals/images/current-summary-tab.png and /dev/null differ diff --git a/docs/proposals/images/helm-parameter-list.png b/docs/proposals/images/helm-parameter-list.png deleted file mode 100644 index 043527efbc156..0000000000000 Binary files a/docs/proposals/images/helm-parameter-list.png and /dev/null differ diff --git a/docs/proposals/images/history-and-rollback-button.png b/docs/proposals/images/history-and-rollback-button.png deleted file mode 100644 index bea82323a1e4d..0000000000000 Binary files a/docs/proposals/images/history-and-rollback-button.png and /dev/null differ diff --git a/docs/proposals/images/history-rollback-contents.png b/docs/proposals/images/history-rollback-contents.png deleted file mode 100644 index 3070a8e19d627..0000000000000 Binary files a/docs/proposals/images/history-rollback-contents.png and /dev/null differ diff --git a/docs/proposals/images/new-sources-tab.png b/docs/proposals/images/new-sources-tab.png deleted file mode 100644 index 9bfb78c56b513..0000000000000 Binary files a/docs/proposals/images/new-sources-tab.png and /dev/null differ diff --git a/docs/proposals/multiple-sources-for-applications-ui.md b/docs/proposals/multiple-sources-for-applications-ui.md deleted file mode 100644 index 09b868db0d5ef..0000000000000 --- a/docs/proposals/multiple-sources-for-applications-ui.md +++ /dev/null @@ -1,226 +0,0 @@ ---- -title: Proposal for support multi-source apps in the UI -authors: - - "@keithchong" -sponsors: - - TBD -reviewers: - - "@alexmt" - - "@crenshaw-dev" - - "@ishitasequeira" - - "@jannfis" - - "@rbreeze" -approvers: - - "@jannfis" - - "@alexmt" - - "@crenshaw-dev" - -creation-date: 2024-02-06 -last-updated: 2024-02-06 ---- - -# UI Support for Multiple Sources in Applications - -This is the proposal for the UI changes to support multiple sources for an Application. - -Related Issues: -* [Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md) -* [Issue for the Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/issues/677) - -## Summary - -This is a follow-on proposal to supporting Multiple Sources for Applications, but for the UI. - -The above [original](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md#changes-to-ui) ‘core’ proposal deferred -any design changes for the UI to a separate feature or secondary proposal. The proposal implementation that was made in [PR 10432](https://github.com/argoproj/argo-cd/pull/10432) -enabled the UI to tolerate multi-source applications with the new Sources field, while still supporting the original Source field. - -Here are the current restrictions and limitations of the UI when applications with multiple sources are used: - -1. The application’s details page (for [example](https://cd.apps.argoproj.io/applications/argocd/guestbook?view=tree&node=argoproj.io%2FApplication%2Fargocd%2Fguestbook%2F0&resource=)) -currently shows one ApplicationSource, regardless of whether the application has one source or multiple sources. With the PR 10432 implementation, if the application has multiple sources, -the UI displays only the first of the sources. Also, in particular, in the Summary tab, the source parameters are non-editable. - -2. History and Rollback is disabled for multi-source applications. The button is disabled. Jorge has submitted a PR for -rollback which includes [controller and UI changes](https://github.com/argoproj/argo-cd/pull/14124). - - - -3. The New Application dialog currently only allows users to provide one source. - -Thus, multiple source applications are not considered first class citizens in the UI. - -Note, see the [Open Questions](https://github.com/argoproj/argo-cd/docs/proposals/multiple-sources-for-applications-ui.md#open-questions) -section for concerns regarding the priority or value of some of the above changes. - -## Motivation - -The motivation behind this change is to add a more complete story for the multiple source feature. The UI should support -the creation of multiple source applications, and also support the viewing and editing of parameters from all sources. The three -points in the summary above are the base or core changes that need to be addressed. - -### Goals - -The goals of the proposal are: - -- Provide first-class support of multiple sources for applications in the UI (e.g. address the aforementioned restrictions) -- Outline stages of implementation that will help ease PR review, and reduce the risk of introducing regressions/issues. - - -### Non-goals -* The design changes for the Argo CD CLI is beyond the scope of this proposal (The server APIs can probably be reused) - -## Proposal - -As mentioned in the previous summary section, the application source parameters are surfaced in the UI in three locations. -The Resource details pages, specifically, the Summary and Parameters tabs, the deployment history, and the Application -Create panel page. These pages should be updated. - -### Resource Details - -The following describes the current behavior and proposed changes for the Summary tab and the Parameters Tab. - -#### i) Summary Tab - -_Current Behavior:_ - -The current Summary tab includes source-related information, including the repository. For example, in Figure 1 below, -the REPO URL and PATH. - - - -Figure 1: The current Summary tab - -_Proposed Change:_ - -To support multiple sources, the source-related information, from a single-source-based design, will be ‘pulled out’ -and put into a new tab called **Sources**, and it will be combined with the **Parameters** tab (more details following). -The new **Sources** tab will allow users to view all the information related to each source, including the repo URL -and path, chart and revision for Helm, etc. - -The view should show one source at a time (similar to what the UI is doing now, which only shows one source), but with -widgets to allow users to cycle (via pagination or combo selector?) through each source. There are API calls to retrieve -the data for each source. - - - -Figure 2. The new SOURCES tab will allow access to view all sources and application parameters. - -#### ii) Parameters Tab -_Current Behavior:_ - -The Parameters tab shows the application parameters for the application’s repository details type or source. These can -be Helm, Kustomize, Directory or Plugin (CMP). - -_Proposed Change:_ - -The Parameter tab will be removed but the contents of the current parameters tab will be ‘reused’ and will be shown in -the new **SOURCES** tab as described above. The parameters and parameter values will be shown for whatever source is -selected by the user. - -#### iii) Update/Edit Capability in the New Sources Tab - -The above points describe how all the sources will be rendered. However, the Sources tab should be the page to allow -users to delete and add sources. (You can currently change the repo URL and path from the Summary tab, or manually edit -the application by hand, in the Manifest tab, but this is not considered as ‘guided’ editing.) - -_Current Behavior:_ - -The current form-based UI doesn’t support deleting a chosen/desired source of a multi-source application. It, -obviously, does not support deleting the only source in a single-source application. - -_Proposed Change:_ - -In addition to adding the new SOURCES tab from section i) and ii), two new buttons (_Add Source_ and _Delete Source_) will -be added to the page. For the _Add Source_ button, a separate dialog/panel will need to appear to allow the user to -input the parameters or other information. - -Validation of any newly added source should prevent users from adding the same resource, and prevent users from -deleting all sources, etc. - -### History and Rollback - -Current Behavior: The History and Rollback button for multi-source apps is disabled. It's only enabled -for single-source apps, and shows source information as shown in Figure 3. - - - -Figure 3: Source information in History - -Jorge has submitted a [PR](https://github.com/argoproj/argo-cd/pull/14124) for rollback which includes controller and UI changes. -This can be treated as a separate, independent proposal. - -Other related changes pertain to the Last Synced Details. The Sync Details panel needs to be updated to show sync info -from multiple sources. See [Issue 13215](https://github.com/argoproj/argo-cd/issues/13215). - -### New App Dialog - -_Current Behavior:_ - -The dialog currently allows users to ‘quickly’ create a single source application.. - -_Proposed Changes:_ - -Make the form view of the dialog support adding, updating and viewing of multiple sources. The issue with the current -single source New App wizard is that it can lead to loss of “input” provided by the user. The content in the form-based -editor and the YAML editor (accessed via the Edit as YAML button) must match. If the user provides multiple sources in -the YAML editor, and then switches back to the form view, the form will only show the first source. The other sources -are effectively ‘lost’. Furthermore, if the user switches back to the YAML editor, only one source will be shown as well. - -The design and changes (React components) from the new Sources tab can likely be reused in this dialog. - -Other Changes. This includes the underlying plumbing to create an app using the Sources field of the Application CR, so that the -deprecated Source field can be removed in the future. - - - -### Use cases - -The use cases involves those areas in the UI where the current source is displayed. These have been described -in the Summary and Proposal sections. - - -### Implementation Details - -The implementation plan can be divided into different stages. Read-only capability can be provided first and it will -be the safest change. The UI currently is not showing all the sources for the multi-source application so this should -be the highest priority. (Before you can edit, you have to first display it.) - -Here are the general enhancements to be implemented (Upstream issues to be opened if not already): - -1. Create new Sources tab to replace Parameters tab so that all sources can be displayed (Read-only) -2. Update History and Rollback to show a summary of all sources of an application - As mentioned above, this is already covered by Jorge’s [PR](https://github.com/argoproj/argo-cd/pull/14124) -3. Add _Add Source_ and _Delete Source_ buttons to Sources tab. This will depend on #1 above. (Update and Delete) -4. Update New App dialog. (Creation) - - Support adding multiple sources in New App dialog. (This will likely depend on the Components from #1 and #3) - - Use Sources field instead of Source field. Clean up code. - -### Security Considerations -None - -### Risks and Mitigations -None - -### Upgrade / Downgrade Strategy -If downgraded, the UI will revert to showing just the first source. - -## Drawbacks -None - -## Open Questions - -Supporting multiple sources in the New App dialog may not be ‘worth’ the effort? The drawback is that switching from the -YAML editor and form editor can lead to loss of information. - -Users can simply edit the application manifest to add their sources by hand. - - -## Appendix -Multiple sources can be shown as a list of collapsible cards or sections, one below the other, under one page of the -SOURCES tab. However, this can be cumbersome especially when a source, like Helm, has many source parameters. -so it'll be difficult to find the desired source. Perhaps showing one source per page will be better. - -Appendix Figure 1: Zoomed out view of the Helm source parameter list - - diff --git a/docs/requirements.txt b/docs/requirements.txt index 7245c6823c935..d350ac4870ee2 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 pygments==2.15.0 -jinja2==3.1.4 +jinja2==3.0.3 markdown==3.3.7 pymdown-extensions==10.2.1 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index eb60e85f03604..5f26934a1b4b4 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -13,63 +13,50 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 0 | 6 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [go.mod](master/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 | +| [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.11.0-rc3 +### v2.9.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.0-rc3/argocd-test.html) | 0 | 1 | 9 | 0 | -| [ui/yarn.lock](v2.11.0-rc3/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](v2.11.0-rc3/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.11.0-rc3](v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.14-alpine](v2.11.0-rc3/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | -| [install.yaml](v2.11.0-rc3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.10.9 +### v2.8.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.9/argocd-test.html) | 0 | 1 | 12 | 0 | -| [ui/yarn.lock](v2.10.9/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.10.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.10.9](v2.10.9/quay.io_argoproj_argocd_v2.10.9.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.10.9/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.10.9/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.9/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.9.14 +### v2.7.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.14/argocd-test.html) | 0 | 2 | 12 | 0 | -| [ui/yarn.lock](v2.9.14/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.9.14/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.9.14](v2.9.14/quay.io_argoproj_argocd_v2.9.14.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.9.14/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.9.14/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.14/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.8.18 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.18/argocd-test.html) | 0 | 2 | 12 | 0 | -| [ui/yarn.lock](v2.8.18/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.8.18/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.8.18](v2.8.18/quay.io_argoproj_argocd_v2.8.18.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.8.18/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.8.18/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.18/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.17/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 | +| [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | +| [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index c58d1909aebde..c063a06f7dae8 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

May 5th 2024, 12:17:54 am (UTC+00:00)

+

March 24th 2024, 12:17:17 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role or ClusterRole with dangerous permissions

  • - Line number: 21070 + Line number: 21035
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20779 + Line number: 20744
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20864 + Line number: 20829
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20892 + Line number: 20857
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20922 + Line number: 20887
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20940 + Line number: 20905
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20956 + Line number: 20921
    • @@ -835,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 22250 + Line number: 22203
    • @@ -893,7 +893,7 @@

    Container has no CPU limit

  • - Line number: 21547 + Line number: 21512
    • @@ -951,7 +951,7 @@

    Container has no CPU limit

  • - Line number: 21798 + Line number: 21763
    • @@ -1009,7 +1009,7 @@

    Container has no CPU limit

  • - Line number: 21764 + Line number: 21729
    • @@ -1067,7 +1067,7 @@

    Container has no CPU limit

  • - Line number: 21858 + Line number: 21823
    • @@ -1125,7 +1125,7 @@

    Container has no CPU limit

  • - Line number: 21957 + Line number: 21922
    • @@ -1183,7 +1183,7 @@

    Container has no CPU limit

  • - Line number: 22250 + Line number: 22203
    • @@ -1241,7 +1241,7 @@

    Container has no CPU limit

  • - Line number: 22014 + Line number: 21979
    • @@ -1299,7 +1299,7 @@

    Container has no CPU limit

  • - Line number: 22335 + Line number: 22288
    • @@ -1357,7 +1357,7 @@

    Container has no CPU limit

  • - Line number: 22681 + Line number: 22634
    • @@ -1409,7 +1409,7 @@

    Container is running with multiple open ports

  • - Line number: 21778 + Line number: 21743
    • @@ -1461,7 +1461,7 @@

    Container is running without liveness probe

  • - Line number: 21547 + Line number: 21512
    • @@ -1513,7 +1513,7 @@

    Container is running without liveness probe

  • - Line number: 21764 + Line number: 21729
    • @@ -1565,7 +1565,7 @@

    Container is running without liveness probe

  • - Line number: 21957 + Line number: 21922
    • @@ -1623,7 +1623,7 @@

    Container is running without memory limit

  • - Line number: 21547 + Line number: 21512
    • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 21764 + Line number: 21729
    • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 21798 + Line number: 21763
    • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 21858 + Line number: 21823
    • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 21957 + Line number: 21922
    • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 22250 + Line number: 22203
    • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 22014 + Line number: 21979
    • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 22335 + Line number: 22288
    • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 22681 + Line number: 22634
    • @@ -2143,7 +2143,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21688 + Line number: 21653
    • @@ -2199,7 +2199,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21806 + Line number: 21771
    • @@ -2255,7 +2255,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21781 + Line number: 21746
    • @@ -2311,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21891 + Line number: 21856
    • @@ -2367,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21967 + Line number: 21932
    • @@ -2423,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22257 + Line number: 22210
    • @@ -2479,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22223 + Line number: 22176
    • @@ -2535,7 +2535,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22591 + Line number: 22544
    • @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22877 + Line number: 22824
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 88bee89daa134..1795ba67af3c6 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:18:04 am (UTC+00:00)

    +

    March 24th 2024, 12:17:26 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1336 + Line number: 1324
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1336 + Line number: 1324
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1421 + Line number: 1409
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1767 + Line number: 1755
    • @@ -1867,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 1336 + Line number: 1324
    • @@ -1983,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1421 + Line number: 1409
    • @@ -2041,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1767 + Line number: 1755
    • @@ -2377,7 +2377,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1343 + Line number: 1331
    • @@ -2433,7 +2433,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1309 + Line number: 1297
    • @@ -2489,7 +2489,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1677 + Line number: 1665
    • @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1963 + Line number: 1945
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 45385faf00d73..b745cf7cbd119 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:15:44 am (UTC+00:00)

    +

    March 24th 2024, 12:15:25 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    7 known vulnerabilities
    -
    25 vulnerable dependency paths
    -
    2045 dependencies
    +
    9 known vulnerabilities
    +
    144 vulnerable dependency paths
    +
    2037 dependencies

    @@ -538,6 +538,2627 @@

    Detailed paths

    More about this vulnerability

    + +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -625,7 +3246,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others
    • @@ -639,9 +3260,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - code.gitea.io/sdk/gitea@0.18.0 + code.gitea.io/sdk/gitea@0.15.1 - github.com/hashicorp/go-version@1.6.0 + github.com/hashicorp/go-version@1.2.1 @@ -710,7 +3331,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -732,9 +3353,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -745,9 +3366,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -758,7 +3379,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -771,11 +3392,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -786,11 +3407,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -801,9 +3422,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -816,9 +3437,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -831,11 +3452,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -848,11 +3469,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -951,7 +3572,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -966,9 +3587,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -983,9 +3604,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1000,11 +3621,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1019,11 +3640,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1109,81 +3730,6 @@

    Detailed paths

    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html index a8b34e1212383..7d85ddf3861f8 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:15:58 am (UTC+00:00)

    +

    March 24th 2024, 12:15:32 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    +
    27 known vulnerabilities
    +
    62 vulnerable dependency paths
    829 dependencies
    @@ -479,86 +479,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Out-of-bounds Write

    @@ -713,10 +633,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -863,14 +779,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2627,38 +2542,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -2667,158 +2553,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index bb13bc1cb2a26..106ec7c2cc72f 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:16:08 am (UTC+00:00)

    +

    March 24th 2024, 12:15:37 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index d77bb8858c3d3..045db290b0fbb 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:16:29 am (UTC+00:00)

    +

    March 24th 2024, 12:15:54 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    27 known vulnerabilities
    -
    160 vulnerable dependency paths
    -
    2282 dependencies
    +
    32 known vulnerabilities
    +
    175 vulnerable dependency paths
    +
    2276 dependencies
    @@ -480,32 +480,32 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    +
    +

    CVE-2020-22916

    -
    - high severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2 + xz-utils/liblzma5
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.17.0 + docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -518,9 +518,9 @@

    Detailed paths

    -

    CVE-2020-22916

    +

    CVE-2023-51767

    @@ -571,12 +576,12 @@

    CVE-2020-22916

  • Vulnerable module: - xz-utils/liblzma5 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    • @@ -591,7 +596,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - xz-utils/liblzma5@5.2.5-2ubuntu1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 @@ -603,27 +608,27 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 xz-utils.

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -698,9 +703,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -711,7 +716,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -802,9 +807,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -830,7 +835,6 @@

    References

  • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
  • https://access.redhat.com/security/cve/CVE-2024-2236
  • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
    • -
  • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    • @@ -972,7 +976,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -985,7 +989,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -998,7 +1002,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1192,7 +1196,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1205,7 +1209,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1218,7 +1222,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1412,7 +1416,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1425,7 +1429,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1438,7 +1442,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1559,6 +1563,491 @@

    Detailed paths

    More about this vulnerability

    +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/internal/encoding/json@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -1645,7 +2134,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    • @@ -1660,7 +2149,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.6.0 + github.com/hashicorp/go-version@v1.2.1 @@ -1969,7 +2458,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1991,7 +2480,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2002,7 +2491,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2013,9 +2502,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2046,7 +2535,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2057,9 +2546,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2087,7 +2576,6 @@

    References

  • https://github.com/systemd/systemd/issues/25676
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
    • -
  • https://access.redhat.com/errata/RHSA-2024:2463
    • @@ -2157,7 +2645,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2271,15 +2759,15 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References

    @@ -2418,13 +2906,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References

    @@ -2505,7 +2993,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2560,7 +3048,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2769,7 +3257,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2824,7 +3312,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3019,15 +3507,15 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 libzstd.

    References

    @@ -3169,7 +3657,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3182,7 +3670,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3195,7 +3683,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3310,7 +3798,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3624,13 +4112,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 gnupg2.

    References

    @@ -3665,7 +4153,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.6 @@ -3680,7 +4168,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6 @@ -3689,7 +4177,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -3708,10 +4196,10 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 glibc.

    References

    @@ -3802,8 +4290,8 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References

    @@ -3863,7 +4351,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -3874,9 +4362,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -3954,7 +4442,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.1
    • @@ -3969,7 +4457,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1.1 @@ -3988,12 +4476,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References

    diff --git a/docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html b/docs/snyk/master/redis_7.0.14-alpine.html similarity index 73% rename from docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html rename to docs/snyk/master/redis_7.0.14-alpine.html index bd29d333cc51a..f47d4fe717527 100644 --- a/docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html +++ b/docs/snyk/master/redis_7.0.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:19:00 am (UTC+00:00)

    +

    March 24th 2024, 12:15:59 am (UTC+00:00)

    Scanned the following paths: @@ -467,8 +467,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    36 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    19 dependencies
    @@ -653,10 +653,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -825,14 +821,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -979,38 +974,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1019,180 +985,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html deleted file mode 100644 index 26d3c74a390ca..0000000000000 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:16:36 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-iac-install.html b/docs/snyk/v2.10.9/argocd-iac-install.html deleted file mode 100644 index 77f83e382a406..0000000000000 --- a/docs/snyk/v2.10.9/argocd-iac-install.html +++ /dev/null @@ -1,2621 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:22:34 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    39 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 16] - - rules[5] - - resources - -
      • - -
    • - Line number: 20871 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 20580 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 20665 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 20693 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 20723 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 20741 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 20757 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 47] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21599 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21659 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21815 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22124 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22470 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 44] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 21579 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 44] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21599 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21659 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21815 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22124 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22470 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21489 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21607 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21582 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21692 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21768 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22046 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22012 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22380 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22666 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-iac-namespace-install.html b/docs/snyk/v2.10.9/argocd-iac-namespace-install.html deleted file mode 100644 index d1027993f915b..0000000000000 --- a/docs/snyk/v2.10.9/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:22:45 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
      • -
    -
    - -
    -
    38 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
      • - -
    • - Line number: 77 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
      • - -
    • - Line number: 162 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
      • - -
    • - Line number: 190 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
      • - -
    • - Line number: 220 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
      • - -
    • - Line number: 238 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
      • - -
    • - Line number: 254 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 884 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 944 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1100 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1409 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1755 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 864 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 34] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 37] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 884 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 944 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1100 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1409 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1755 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 774 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 892 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 867 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 977 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1053 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1331 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1297 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1665 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1951 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-test.html b/docs/snyk/v2.10.9/argocd-test.html deleted file mode 100644 index 3f6d212bee664..0000000000000 --- a/docs/snyk/v2.10.9/argocd-test.html +++ /dev/null @@ -1,7066 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:20:40 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    14 known vulnerabilities
    -
    306 vulnerable dependency paths
    -
    2040 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#792124280fcc - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.9/redis_7.0.15-alpine.html b/docs/snyk/v2.10.9/redis_7.0.15-alpine.html deleted file mode 100644 index f910d7c9eaafa..0000000000000 --- a/docs/snyk/v2.10.9/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:21:16 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/argocd-test.html b/docs/snyk/v2.11.0-rc3/argocd-test.html deleted file mode 100644 index 166d4809e425b..0000000000000 --- a/docs/snyk/v2.11.0-rc3/argocd-test.html +++ /dev/null @@ -1,6476 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:17 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    284 vulnerable dependency paths
    -
    2039 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#5fd9f449e757 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html deleted file mode 100644 index a75d20b2773b7..0000000000000 --- a/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html +++ /dev/null @@ -1,2827 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:24 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
      • -
    -
    - -
    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    -
    829 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/api@v1.6.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/serf/coordinate -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl/v2 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/golang-lru/simplelru -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-version@v1.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-sockaddr -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-rootcerts -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-plugin -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin@v1.4.4 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-immutable-radix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/errwrap -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/errwrap@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/gosimple/slug@v1.12.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/go-sql-driver/mysql -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-sql-driver/mysql@v1.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html b/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html deleted file mode 100644 index 049a698fdee3c..0000000000000 --- a/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html +++ /dev/null @@ -1,4230 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:53 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • -
    -
    - -
    -
    30 known vulnerabilities
    -
    164 vulnerable dependency paths
    -
    2277 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.17.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2020-22916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - xz-utils/liblzma5 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and xz-utils/liblzma5@5.2.5-2ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 xz-utils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libgcrypt20 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and libgcrypt20@1.9.4-3ubuntu3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libgcrypt20.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26461

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26462

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26458

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/r3labs/diff@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-version@v1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/helm/v3 /usr/local/bin/helm -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-multierror -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/hashicorp/go-multierror@v1.1.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/gosimple/slug@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-7008

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - systemd/libsystemd0 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps/libprocps8@2:3.3.17-6ubuntu2.1 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Arbitrary Code Injection

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - shadow/passwd -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and shadow/passwd@1:4.8.1-2ubuntu2.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-50495

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-45918

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnupg2/gpgv -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnupg2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - glibc/libc-bin -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and glibc/libc-bin@2.35-0ubuntu3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - glibc/libc-bin@2.35-0ubuntu3.7 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - glibc/libc6@2.35-0ubuntu3.7 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - git/git-man -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3, git@1:2.34.1-1ubuntu1.10 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - git/git-man@1:2.34.1-1ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git-lfs@3.0.2-1ubuntu0.2 - - git@1:2.34.1-1ubuntu1.10 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gcc-12/libstdc++6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gcc-12.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - coreutils -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and coreutils@8.32-4.1ubuntu1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - coreutils@8.32-4.1ubuntu1.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/argocd-iac-install.html b/docs/snyk/v2.7.17/argocd-iac-install.html similarity index 96% rename from docs/snyk/v2.11.0-rc3/argocd-iac-install.html rename to docs/snyk/v2.7.17/argocd-iac-install.html index 444385fc2e128..cfced2ce2b173 100644 --- a/docs/snyk/v2.11.0-rc3/argocd-iac-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:19 am (UTC+00:00)

    +

    March 24th 2024, 12:23:21 am (UTC+00:00)

    Scanned the following path: @@ -482,52 +482,6 @@

    Snyk test report

    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 16] - - rules[5] - - resources - -
      • - -
    • - Line number: 21035 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -

    Role or ClusterRole with dangerous permissions

    @@ -553,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20744 + Line number: 16324
    • @@ -599,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20829 + Line number: 16401
    • @@ -645,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20857 + Line number: 16429
    • @@ -691,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20887 + Line number: 16459
    • @@ -737,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20905 + Line number: 16477
    • @@ -783,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20921 + Line number: 16493
    • @@ -820,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 47] + [DocId: 46] spec @@ -835,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 22209 + Line number: 17537
    • @@ -872,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -893,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 21512 + Line number: 16980
    • @@ -930,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -951,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 21763 + Line number: 17152
    • @@ -988,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1009,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 21729 + Line number: 17118
    • @@ -1046,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1067,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 21823 + Line number: 17212
    • @@ -1104,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1125,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 21922 + Line number: 17293
    • @@ -1162,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1183,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 22209 + Line number: 17537
    • @@ -1220,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1241,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 21979 + Line number: 17349
    • @@ -1278,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -1299,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 22294 + Line number: 17622
    • @@ -1336,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -1357,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 22640 + Line number: 17932
    • @@ -1394,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 44] + [DocId: 43] spec @@ -1409,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 21743 + Line number: 17132
    • @@ -1429,6 +1383,60 @@

    Remediation

    More about this issue

    +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
      • + +
    • Introduced through: + [DocId: 45] + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
      • + +
    • + Line number: 17303 +
      • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + +
    +

    More about this issue

    +
    +

    Container is running without liveness probe

    @@ -1446,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1461,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 21512 + Line number: 16980
    • @@ -1498,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 43] spec @@ -1513,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 21729 + Line number: 17118
    • @@ -1550,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -1565,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 21922 + Line number: 17293
    • @@ -1602,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1623,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 21512 + Line number: 16980
    • @@ -1660,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1681,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 21729 + Line number: 17118
    • @@ -1718,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1739,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 21763 + Line number: 17152
    • @@ -1776,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1797,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 21823 + Line number: 17212
    • @@ -1834,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1855,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 21922 + Line number: 17293
    • @@ -1892,7 +1900,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1913,7 +1921,7 @@

    Container is running without memory limit

  • - Line number: 22209 + Line number: 17537
    • @@ -1950,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1971,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 21979 + Line number: 17349
    • @@ -2008,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2029,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 22294 + Line number: 17622
    • @@ -2066,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2087,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 22640 + Line number: 17932
    • @@ -2124,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2143,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21653 + Line number: 17055
    • @@ -2180,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2199,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21771 + Line number: 17160
    • @@ -2236,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2255,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21746 + Line number: 17135
    • @@ -2292,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -2311,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21856 + Line number: 17227
    • @@ -2348,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2367,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21932 + Line number: 17303
    • @@ -2404,7 +2412,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2423,7 +2431,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22216 + Line number: 17544
    • @@ -2460,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2479,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22182 + Line number: 17510
    • @@ -2516,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2535,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22550 + Line number: 17842
    • @@ -2572,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2591,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22836 + Line number: 18074
    • diff --git a/docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html similarity index 95% rename from docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.17/argocd-iac-namespace-install.html index c811849f8fab8..f9744975422e6 100644 --- a/docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:29 am (UTC+00:00)

    +

    March 24th 2024, 12:23:30 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    39 total issues

    @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 154
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 182
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 212
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 230
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 254 + Line number: 246
    • @@ -774,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 38] + [DocId: 39] spec @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1330 + Line number: 1197
    • @@ -826,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 633 + Line number: 640
    • @@ -884,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 812
    • @@ -942,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 850 + Line number: 778
    • @@ -1000,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 944 + Line number: 872
    • @@ -1058,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1043 + Line number: 953
    • @@ -1116,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1330 + Line number: 1197
    • @@ -1174,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1100 + Line number: 1009
    • @@ -1232,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1415 + Line number: 1282
    • @@ -1290,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1761 + Line number: 1592
    • @@ -1348,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 35] + [DocId: 36] spec @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 864 + Line number: 792
    • @@ -1383,6 +1383,60 @@

    Remediation

    More about this issue

    +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
      • + +
    • Introduced through: + [DocId: 38] + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
      • + +
    • + Line number: 963 +
      • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + +
    +

    More about this issue

    +
    +

    Container is running without liveness probe

    @@ -1400,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 34] + [DocId: 35] spec @@ -1415,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 633 + Line number: 640
    • @@ -1452,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 36] spec @@ -1467,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 850 + Line number: 778
    • @@ -1504,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 38] spec @@ -1519,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 1043 + Line number: 953
    • @@ -1556,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -1577,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 633 + Line number: 640
    • @@ -1614,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -1635,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 850 + Line number: 778
    • @@ -1672,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -1693,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 812
    • @@ -1730,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -1751,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 944 + Line number: 872
    • @@ -1788,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -1809,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 1043 + Line number: 953
    • @@ -1846,7 +1900,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1867,7 +1921,7 @@

    Container is running without memory limit

  • - Line number: 1330 + Line number: 1197
    • @@ -1904,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1925,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 1100 + Line number: 1009
    • @@ -1962,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -1983,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 1415 + Line number: 1282
    • @@ -2020,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -2041,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 1761 + Line number: 1592
    • @@ -2078,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -2097,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 774 + Line number: 715
    • @@ -2134,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -2153,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 892 + Line number: 820
    • @@ -2190,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -2209,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 867 + Line number: 795
    • @@ -2246,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -2265,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 977 + Line number: 887
    • @@ -2302,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -2321,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1053 + Line number: 963
    • @@ -2358,7 +2412,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -2377,7 +2431,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1337 + Line number: 1204
    • @@ -2414,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -2433,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1303 + Line number: 1170
    • @@ -2470,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -2489,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1671 + Line number: 1502
    • @@ -2526,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -2545,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1957 + Line number: 1734
    • diff --git a/docs/snyk/v2.7.17/argocd-test.html b/docs/snyk/v2.7.17/argocd-test.html new file mode 100644 index 0000000000000..f130f831d96d1 --- /dev/null +++ b/docs/snyk/v2.7.17/argocd-test.html @@ -0,0 +1,2957 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:21:51 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    10 known vulnerabilities
    +
    106 vulnerable dependency paths
    +
    1755 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd ui/yarn.lock +
      • +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + semver +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    semver is a semantic version parser used by npm.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    +

    PoC

    + 
    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html index 07f30b33a9d48..2bc1adb34dcef 100644 --- a/docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:23:11 am (UTC+00:00)

    +

    March 24th 2024, 12:21:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html index f9e040cba19f3..4487d720d3a0c 100644 --- a/docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:18:28 am (UTC+00:00)

    +

    March 24th 2024, 12:22:00 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html similarity index 64% rename from docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html rename to docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html index 93cf1c001a823..88785b4be1777 100644 --- a/docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html +++ b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:21:10 am (UTC+00:00)

    +

    March 24th 2024, 12:22:17 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.9/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    32 known vulnerabilities
    -
    166 vulnerable dependency paths
    -
    2275 dependencies
    +
    46 known vulnerabilities
    +
    224 vulnerable dependency paths
    +
    2070 dependencies
    @@ -481,7 +481,89 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2/hpack@v0.5.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    @@ -492,7 +574,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
  • Package Manager: golang @@ -505,7 +587,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    • @@ -518,18 +600,92 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - golang.org/x/net/http2@v0.19.0 + golang.org/x/net/http2@v0.5.0
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + github.com/cyphar/filepath-securejoin@v0.2.3 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

    +

    Note: + This vulnerability is only exploitable on Windows OS.

    +

    Details

    +

    A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

    +

    Directory Traversal vulnerabilities can be generally divided into two types:

    +
      +
    • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
      • +
    +

    st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

    +

    If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

    + 
    curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
    +

    Note %2e is the URL encoded version of . (dot).

    +
      +
    • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
      • +
    +

    One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

    +

    The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

    + 
    2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -572,7 +828,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -585,7 +841,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -598,7 +854,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -635,6 +891,82 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-51767

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Information Exposure

    @@ -648,7 +980,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -661,7 +993,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and libgcrypt20@1.9.4-3ubuntu3
    @@ -674,7 +1006,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libgcrypt20@1.9.4-3ubuntu3 @@ -683,7 +1015,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -694,7 +1026,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -705,11 +1037,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -718,9 +1050,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -731,7 +1063,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -744,7 +1076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -757,7 +1089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -770,7 +1102,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -783,7 +1115,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -796,7 +1128,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -809,11 +1141,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -839,7 +1171,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -850,7 +1181,7 @@

    References

    -

    CVE-2024-26461

    +

    CVE-2022-48624

    @@ -861,7 +1192,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -869,12 +1200,12 @@

      CVE-2024-26461

    • Vulnerable module: - krb5/libk5crypto3 + less
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and less@590-1ubuntu0.22.04.1
    @@ -887,27 +1218,99 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 less to version 590-1ubuntu0.22.04.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26461

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -917,11 +1320,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -940,7 +1343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -949,11 +1352,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -970,7 +1373,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -979,9 +1382,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -990,11 +1393,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1003,11 +1406,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1018,11 +1421,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1037,7 +1440,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1081,7 +1484,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1094,7 +1497,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1107,7 +1510,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1116,11 +1519,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1137,11 +1540,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1160,7 +1563,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1169,11 +1572,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1190,7 +1593,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1199,9 +1602,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1210,11 +1613,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1223,11 +1626,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1238,11 +1641,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1257,7 +1660,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1301,7 +1704,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1314,7 +1717,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1327,7 +1730,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1336,11 +1739,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1357,11 +1760,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1380,7 +1783,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1389,11 +1792,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1410,7 +1813,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1419,9 +1822,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1430,11 +1833,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1443,11 +1846,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1458,11 +1861,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1477,7 +1880,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1510,7 +1913,7 @@

          References

    -

    LGPL-3.0 license

    +

    Infinite loop

    @@ -1521,20 +1924,20 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + google.golang.org/protobuf/internal/encoding/json
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0
    @@ -1549,7 +1952,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - gopkg.in/retry.v1@v1.0.3 + google.golang.org/protobuf/internal/encoding/json@v1.31.0 @@ -1560,17 +1963,28 @@

    Detailed paths

    -

    LGPL-3.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Infinite loop

    +

    Stack-based Buffer Overflow

    @@ -1581,7 +1995,7 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1589,12 +2003,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/internal/encoding/json + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1609,7 +2023,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/internal/encoding/json@v1.31.0 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1621,27 +2035,24 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Stack-based Buffer Overflow

    +

    Infinite loop

    @@ -1652,7 +2063,7 @@

    Stack-based Buffer Overflow

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1692,24 +2103,27 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

      +

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      Note:

      +

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

      +

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Infinite loop

    +

    Allocation of Resources Without Limits or Throttling

    @@ -1720,7 +2134,7 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -1728,12 +2142,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/encoding/protojson + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    @@ -1746,9 +2160,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + golang.org/x/net/http2@v0.5.0 @@ -1760,22 +2174,23 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      This issue is related to CVE-2023-44487

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1791,7 +2206,7 @@

    Authentication Bypass by Capture-replay

    @@ -1878,7 +2288,7 @@

    References

    -

    MPL-2.0 license

    +

    Information Exposure

    @@ -1889,20 +2299,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/r3labs/diff + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -1915,69 +2325,74 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/r3labs/diff@v1.1.0 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -
    • -

    MPL-2.0 license

    +

    Uncaught Exception

    @@ -2009,20 +2437,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -2035,54 +2463,1105 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-retryablehttp@v0.7.4 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
      • -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/r3labs/diff@v1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-version@v1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-retryablehttp@v0.7.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-cleanhttp@v0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/gosimple/slug@v1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/docker/distribution/registry/api/v2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper validation of the value passed to the n parameter in the /v2/_catalog endpoint. + Exploiting this vulnerability is possible by sending a crafted malicious request to the /v2/_catalog API endpoint, which results in an allocation of a massive string array and excessive use of memory.

    +

    Remediation

    +

    Upgrade github.com/docker/distribution/registry/api/v2 to version 2.8.2-beta.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Resource Exhaustion

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + expat/libexpat1 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + expat/libexpat1@2.4.7-1ubuntu0.2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-28757

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + expat/libexpat1 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + expat/libexpat1@2.4.7-1ubuntu0.2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-7008

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + systemd/libsystemd0 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and systemd/libsystemd0@249.11-0ubuntu3.12 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + procps/libprocps8@2:3.3.17-6ubuntu2.1 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Authentication

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    -

    MPL-2.0 license

    +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.2 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + pcre3/libpcre3
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2095,9 +3574,20 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.17 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-multierror@v1.1.1 + grep@3.7-1build1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2108,41 +3598,58 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 pcre3.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2155,9 +3662,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-cleanhttp@v0.5.2 + patch@2.7.6-7build2 @@ -2168,41 +3675,51 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Double Free

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2215,9 +3732,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/gosimple/slug@v1.13.1 + patch@2.7.6-7build2 @@ -2228,41 +3745,56 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/go-jose/go-jose/v3 + openssl/libssl3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2275,9 +3807,113 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 - github.com/go-jose/go-jose/v3@v3.0.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 @@ -2288,26 +3924,56 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-7008

    +

    Out-of-bounds Write

    @@ -2318,7 +3984,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2326,12 +3992,12 @@

      CVE-2023-7008

    • Vulnerable module: - systemd/libsystemd0 + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2344,110 +4010,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + libfido2/libfido2-1@1.10.0-1 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + ca-certificates@20230311ubuntu0.22.04.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + git@1:2.34.1-1ubuntu1.10 - apt/libapt-pkg6.0@2.4.12 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - systemd/libudev1@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - libfido2/libfido2-1@1.10.0-1 + adduser@3.118ubuntu5 - systemd/libudev1@249.11-0ubuntu3.12 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 - - systemd/libudev1@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + ca-certificates@20230311ubuntu0.22.04.1 - apt/libapt-pkg6.0@2.4.12 - - systemd/libudev1@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13 @@ -2459,32 +4128,57 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Arbitrary Code Injection

    +

    CVE-2023-6237

    @@ -2495,7 +4189,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2503,12 +4197,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2521,124 +4215,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + libfido2/libfido2-1@1.10.0-1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - shadow/login@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    • -

    Release of Invalid Pointer or Reference

    +

    CVE-2024-0727

    @@ -2687,7 +4360,7 @@

    Release of Invalid Pointer or Reference

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2695,12 +4368,12 @@

      Release of Invalid Pointer or Reference

    • Vulnerable module: - patch + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2713,79 +4386,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - patch@2.7.6-7build2 + openssl/libssl3@3.0.2-0ubuntu1.13
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    • Introduced through: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + - docker-image|quay.io/argoproj/argocd@v2.10.9 and patch@2.7.6-7build2 +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
      • -
    + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl@3.0.2-0ubuntu1.13 + + -
    • @@ -2832,7 +4555,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2845,7 +4568,7 @@

      CVE-2023-50495

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2858,7 +4581,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2867,9 +4590,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2878,7 +4601,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2889,9 +4612,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2900,7 +4623,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libedit/libedit2@3.1-20210910-1build1 @@ -2911,7 +4634,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -2922,7 +4645,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2933,7 +4656,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -2944,9 +4667,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2955,7 +4678,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2970,7 +4693,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2985,7 +4708,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2994,7 +4717,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3005,7 +4728,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3020,7 +4743,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3029,7 +4752,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3040,7 +4763,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3049,7 +4772,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3096,7 +4819,7 @@

      CVE-2023-45918

      • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -3109,7 +4832,7 @@

        CVE-2023-45918

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
      @@ -3122,7 +4845,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3131,9 +4854,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3142,7 +4865,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3153,9 +4876,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3164,7 +4887,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libedit/libedit2@3.1-20210910-1build1 @@ -3175,7 +4898,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3186,7 +4909,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3197,7 +4920,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3208,9 +4931,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3219,7 +4942,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3234,7 +4957,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3249,7 +4972,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3258,7 +4981,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3269,7 +4992,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3284,7 +5007,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3293,7 +5016,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3304,7 +5027,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3313,7 +5036,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3358,7 +5081,7 @@

        Resource Exhaustion

        • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -3371,7 +5094,7 @@

          Resource Exhaustion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and libzstd/libzstd1@1.4.8+dfsg-3build1
        @@ -3384,7 +5107,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3405,15 +5128,15 @@

          Remediation

          There is no fixed version for Ubuntu:22.04 libzstd.

          References

          @@ -3435,7 +5158,7 @@

          Integer Overflow or Wraparound

          • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -3448,7 +5171,7 @@

            Integer Overflow or Wraparound

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
          @@ -3461,7 +5184,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3470,11 +5193,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3491,11 +5214,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3514,7 +5237,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3523,11 +5246,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3544,7 +5267,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3553,9 +5276,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3564,11 +5287,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3577,11 +5300,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3592,11 +5315,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3611,7 +5334,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3659,7 +5382,7 @@

            Out-of-bounds Write

            • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -3672,7 +5395,7 @@

              Out-of-bounds Write

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1
            @@ -3685,7 +5408,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3694,9 +5417,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3705,7 +5428,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3716,7 +5439,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3727,7 +5450,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3738,7 +5461,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3751,7 +5474,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3764,7 +5487,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3773,7 +5496,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3784,7 +5507,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3797,7 +5520,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3806,7 +5529,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3817,7 +5540,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3826,7 +5549,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3837,7 +5560,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3846,7 +5569,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3857,7 +5580,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3870,7 +5593,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3883,7 +5606,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3892,7 +5615,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3903,7 +5626,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3916,7 +5639,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3929,7 +5652,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3938,7 +5661,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3949,7 +5672,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3958,7 +5681,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3969,7 +5692,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3978,7 +5701,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3989,7 +5712,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4010,13 +5733,13 @@

              Remediation

              There is no fixed version for Ubuntu:22.04 gnupg2.

              References

              @@ -4038,7 +5761,7 @@

              Allocation of Resources Without Limits or Throttling

            • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -4051,7 +5774,7 @@

              Allocation of Resources Without Limits or Throttling

              Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.7.17 and glibc/libc-bin@2.35-0ubuntu3.6
            @@ -4064,18 +5787,18 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4094,10 +5817,10 @@

              Remediation

              There is no fixed version for Ubuntu:22.04 glibc.

              References

              @@ -4119,7 +5842,7 @@

              Improper Input Validation

              • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -4133,7 +5856,7 @@

                Improper Input Validation

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others
              @@ -4145,7 +5868,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 @@ -4156,7 +5879,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 @@ -4165,7 +5888,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git-lfs@3.0.2-1ubuntu0.2 @@ -4188,8 +5911,8 @@

                Remediation

                There is no fixed version for Ubuntu:22.04 git.

                References

                @@ -4212,7 +5935,7 @@

                Uncontrolled Recursion

                • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -4225,7 +5948,7 @@

                  Uncontrolled Recursion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                @@ -4238,7 +5961,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4247,9 +5970,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4258,11 +5981,11 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4271,7 +5994,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4280,7 +6003,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4327,7 +6050,7 @@

                  Improper Input Validation

                  • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -4340,7 +6063,7 @@

                    Improper Input Validation

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and coreutils@8.32-4.1ubuntu1
                  @@ -4353,9 +6076,9 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1 @@ -4374,12 +6097,12 @@

                    Remediation

                    There is no fixed version for Ubuntu:22.04 coreutils.

                    References

                    diff --git a/docs/snyk/v2.7.17/redis_7.0.14-alpine.html b/docs/snyk/v2.7.17/redis_7.0.14-alpine.html new file mode 100644 index 0000000000000..ea9cd5f9152fd --- /dev/null +++ b/docs/snyk/v2.7.17/redis_7.0.14-alpine.html @@ -0,0 +1,993 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                    +
                    +
                    +
                    + + + Snyk - Open Source Security + + + + + + + +
                    +

                    Snyk test report

                    + +

                    March 24th 2024, 12:22:21 am (UTC+00:00)

                    +
                    +
                    + Scanned the following paths: +
                      +
                    • redis:7.0.14-alpine (apk)
                      • +
                    • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
                      • +
                    +
                    + +
                    +
                    3 known vulnerabilities
                    +
                    27 vulnerable dependency paths
                    +
                    19 dependencies
                    +
                    +
                    +
                    +
                    + +
                    +
                    +
                    +

                    Out-of-bounds Write

                    +
                    + +
                    + medium severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                    +

                    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

                    +

                    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

                    +

                    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

                    +

                    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

                    +

                    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

                    +

                    References

                    + + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +

                    CVE-2024-0727

                    +
                    + +
                    + medium severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                    +

                    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

                    +

                    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

                    +

                    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

                    +

                    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

                    +

                    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

                    +

                    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

                    +

                    References

                    + + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +

                    CVE-2023-6237

                    +
                    + +
                    + low severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    This vulnerability has not been analyzed by NVD yet.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

                    + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +
                    +
                    + + + diff --git a/docs/snyk/v2.8.18/argocd-iac-install.html b/docs/snyk/v2.8.13/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.8.18/argocd-iac-install.html rename to docs/snyk/v2.8.13/argocd-iac-install.html index fc5b4388a1a3b..8e0c8abdd40c3 100644 --- a/docs/snyk/v2.8.18/argocd-iac-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-install.html @@ -456,7 +456,7 @@

                    Snyk test report

                    -

                    May 5th 2024, 12:27:04 am (UTC+00:00)

                    +

                    March 24th 2024, 12:21:30 am (UTC+00:00)

                    Scanned the following path: @@ -507,7 +507,7 @@

                    Role or ClusterRole with dangerous permissions

                  • - Line number: 18460 + Line number: 18466
                  @@ -553,7 +553,7 @@

                  Role or ClusterRole with dangerous permissions

                • - Line number: 18537 + Line number: 18543
                @@ -599,7 +599,7 @@

                Role or ClusterRole with dangerous permissions

              • - Line number: 18565 + Line number: 18571
              @@ -645,7 +645,7 @@

              Role or ClusterRole with dangerous permissions

            • - Line number: 18595 + Line number: 18601
            @@ -691,7 +691,7 @@

            Role or ClusterRole with dangerous permissions

          • - Line number: 18613 + Line number: 18619
          @@ -737,7 +737,7 @@

          Role or ClusterRole with dangerous permissions

        • - Line number: 18629 + Line number: 18635
        @@ -789,7 +789,7 @@

        Container could be running with outdated image

      • - Line number: 19755 + Line number: 19761
      @@ -847,7 +847,7 @@

      Container has no CPU limit

    • - Line number: 19112 + Line number: 19118
    @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19345 + Line number: 19351
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19311 + Line number: 19317
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19405 + Line number: 19411
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19498 + Line number: 19504
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19755 + Line number: 19761
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19555 + Line number: 19561
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19840 + Line number: 19846
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20162 + Line number: 20168
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19325 + Line number: 19331
    • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19112 + Line number: 19118
    • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19311 + Line number: 19317
    • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19498 + Line number: 19504
    • @@ -1577,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 19112 + Line number: 19118
    • @@ -1635,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 19311 + Line number: 19317
    • @@ -1693,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 19345 + Line number: 19351
    • @@ -1751,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 19405 + Line number: 19411
    • @@ -1809,7 +1809,7 @@

    Container is running without memory limit

  • - Line number: 19498 + Line number: 19504
    • @@ -1867,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 19755 + Line number: 19761
    • @@ -1925,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 19555 + Line number: 19561
    • @@ -1983,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 19840 + Line number: 19846
    • @@ -2041,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 20162 + Line number: 20168
    • @@ -2097,7 +2097,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19235 + Line number: 19241
    • @@ -2153,7 +2153,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19353 + Line number: 19359
    • @@ -2209,7 +2209,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19328 + Line number: 19334
    • @@ -2265,7 +2265,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19432 + Line number: 19438
    • @@ -2321,7 +2321,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19508 + Line number: 19514
    • @@ -2377,7 +2377,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19762 + Line number: 19768
    • @@ -2433,7 +2433,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19728 + Line number: 19734
    • @@ -2489,7 +2489,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20072 + Line number: 20078
    • diff --git a/docs/snyk/v2.8.18/argocd-iac-namespace-install.html b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.8.18/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.13/argocd-iac-namespace-install.html index d177cdcf0a0a9..17296cd003c37 100644 --- a/docs/snyk/v2.8.18/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:27:13 am (UTC+00:00)

    +

    March 24th 2024, 12:21:38 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1828 + Line number: 1822
    • diff --git a/docs/snyk/v2.8.13/argocd-test.html b/docs/snyk/v2.8.13/argocd-test.html new file mode 100644 index 0000000000000..8f02f01423f2f --- /dev/null +++ b/docs/snyk/v2.8.13/argocd-test.html @@ -0,0 +1,3027 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:19:50 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    12 known vulnerabilities
    +
    108 vulnerable dependency paths
    +
    1856 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + gopkg.in/retry.v1@1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html index f388b196b9e93..24a737a6ba12f 100644 --- a/docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:48 am (UTC+00:00)

    +

    March 24th 2024, 12:19:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html index 0cc87f18067b9..b2b3a76ed356e 100644 --- a/docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:23:15 am (UTC+00:00)

    +

    March 24th 2024, 12:20:01 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html similarity index 83% rename from docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html rename to docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html index 0ed72b091a090..01078e7e7a861 100644 --- a/docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html +++ b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:23:35 am (UTC+00:00)

    +

    March 24th 2024, 12:20:18 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.9.14/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    33 known vulnerabilities
    -
    167 vulnerable dependency paths
    -
    2189 dependencies
    +
    39 known vulnerabilities
    +
    182 vulnerable dependency paths
    +
    2120 dependencies
    @@ -492,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -500,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - google.golang.org/grpc + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0
    @@ -518,9 +518,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/grpc@v1.56.2 + golang.org/x/net/http2@v0.8.0 @@ -532,15 +532,14 @@

      Detailed paths

      Overview

      -

      google.golang.org/grpc is a Go implementation of gRPC

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -574,7 +573,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -582,12 +581,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + github.com/go-jose/go-jose/v3
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0
    • @@ -602,16 +601,87 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 + github.com/go-jose/go-jose/v3@v3.0.0 + + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + github.com/cyphar/filepath-securejoin@v0.2.3 @@ -623,22 +693,41 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      +

      Note: + This vulnerability is only exploitable on Windows OS.

      +

      Details

      +

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      +

      Directory Traversal vulnerabilities can be generally divided into two types:

      +
        +
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
        • +
      +

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      +

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      + 
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
      +

      Note %2e is the URL encoded version of . (dot).

      +
        +
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
        • +
      +

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      +

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      + 
      2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -654,7 +743,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -667,7 +756,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -680,7 +769,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -717,6 +806,82 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-51767

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Information Exposure

    @@ -730,7 +895,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -743,7 +908,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and libgcrypt20@1.9.4-3ubuntu3
    @@ -756,7 +921,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libgcrypt20@1.9.4-3ubuntu3 @@ -765,7 +930,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -776,7 +941,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -787,11 +952,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -800,9 +965,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -813,7 +978,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -826,7 +991,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -839,7 +1004,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -852,7 +1017,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -865,7 +1030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -878,7 +1043,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -891,11 +1056,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -921,7 +1086,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -943,7 +1107,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -956,7 +1120,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -969,7 +1133,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -978,7 +1142,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -999,7 +1163,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1022,7 +1186,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1031,7 +1195,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1052,7 +1216,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1061,9 +1225,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1072,11 +1236,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1085,11 +1249,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1100,7 +1264,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1119,7 +1283,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1163,7 +1327,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1176,7 +1340,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1189,7 +1353,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1198,7 +1362,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1219,7 +1383,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1242,7 +1406,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1251,7 +1415,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1272,7 +1436,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1281,9 +1445,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1292,11 +1456,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1305,11 +1469,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1320,7 +1484,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1339,7 +1503,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1383,7 +1547,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1396,7 +1560,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1409,7 +1573,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1418,7 +1582,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1439,7 +1603,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1462,7 +1626,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1471,7 +1635,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1492,7 +1656,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1501,9 +1665,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1512,11 +1676,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1525,11 +1689,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1540,7 +1704,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1559,7 +1723,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1603,7 +1767,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1663,7 +1827,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1734,7 +1898,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1802,7 +1966,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -1860,6 +2024,78 @@

                  References

                  More about this vulnerability

    +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2@v0.8.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

    +

    Note:

    +

    This issue is related to CVE-2023-44487

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Authentication Bypass by Capture-replay

    @@ -1873,7 +2109,7 @@

    Authentication Bypass by Capture-replay

    @@ -1958,6 +2189,281 @@

    References

    More about this vulnerability

    +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -1971,7 +2477,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2031,7 +2537,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2091,7 +2597,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2151,7 +2657,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2211,7 +2717,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2271,7 +2777,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2331,7 +2837,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2344,7 +2850,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0

                @@ -2359,7 +2865,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.1 + github.com/go-jose/go-jose/v3@v3.0.0 @@ -2387,6 +2893,76 @@

                References

                More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-7008

    @@ -2400,7 +2976,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2413,7 +2989,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.8.13 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2426,7 +3002,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2435,9 +3011,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2446,7 +3022,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2457,9 +3033,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2468,9 +3044,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2479,11 +3055,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2492,7 +3068,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 systemd/libudev1@249.11-0ubuntu3.12 @@ -2501,7 +3077,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libfido2/libfido2-1@1.10.0-1 @@ -2512,9 +3088,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2523,11 +3099,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2555,7 +3131,6 @@

      References

    • https://github.com/systemd/systemd/issues/25676
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
      • -
    • https://access.redhat.com/errata/RHSA-2024:2463
    @@ -2577,7 +3152,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2590,7 +3165,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2603,7 +3178,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2612,7 +3187,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -2623,9 +3198,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2634,7 +3209,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 shadow/login@1:4.8.1-2ubuntu2.2 @@ -2681,7 +3256,7 @@

      Uncontrolled Recursion

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -2694,7 +3269,7 @@

        Uncontrolled Recursion

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      @@ -2707,7 +3282,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2716,7 +3291,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 grep@3.7-1build1 @@ -2739,15 +3314,15 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 pcre3.

        References

        @@ -2769,7 +3344,7 @@

        Release of Invalid Pointer or Reference

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -2782,7 +3357,7 @@

          Release of Invalid Pointer or Reference

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2
        @@ -2795,7 +3370,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 patch@2.7.6-7build2 @@ -2839,7 +3414,7 @@

          Double Free

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -2852,7 +3427,7 @@

            Double Free

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2
          @@ -2865,7 +3440,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 patch@2.7.6-7build2 @@ -2886,13 +3461,13 @@

            Remediation

            There is no fixed version for Ubuntu:22.04 patch.

            References

            @@ -2914,7 +3489,7 @@

            CVE-2023-50495

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -2927,7 +3502,7 @@

              CVE-2023-50495

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
            @@ -2940,7 +3515,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2949,9 +3524,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2960,7 +3535,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2971,9 +3546,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2982,7 +3557,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libedit/libedit2@3.1-20210910-1build1 @@ -2993,7 +3568,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3004,7 +3579,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3015,7 +3590,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3026,9 +3601,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3037,7 +3612,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3052,7 +3627,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3067,7 +3642,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3076,7 +3651,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3087,7 +3662,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3102,7 +3677,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3111,7 +3686,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3122,7 +3697,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3131,7 +3706,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3178,7 +3753,7 @@

              CVE-2023-45918

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -3191,7 +3766,7 @@

                CVE-2023-45918

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
              @@ -3204,7 +3779,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3213,9 +3788,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3224,7 +3799,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3235,9 +3810,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3246,7 +3821,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libedit/libedit2@3.1-20210910-1build1 @@ -3257,7 +3832,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3268,7 +3843,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3279,7 +3854,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3290,9 +3865,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3301,7 +3876,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3316,7 +3891,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3331,7 +3906,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3340,7 +3915,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3351,7 +3926,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3366,7 +3941,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3375,7 +3950,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3386,7 +3961,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3395,7 +3970,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3440,7 +4015,7 @@

                Resource Exhaustion

                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -3453,7 +4028,7 @@

                  Resource Exhaustion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and libzstd/libzstd1@1.4.8+dfsg-3build1
                @@ -3466,7 +4041,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3487,15 +4062,15 @@

                  Remediation

                  There is no fixed version for Ubuntu:22.04 libzstd.

                  References

                  @@ -3517,7 +4092,7 @@

                  Integer Overflow or Wraparound

                  • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3530,7 +4105,7 @@

                    Integer Overflow or Wraparound

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                  @@ -3543,7 +4118,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3552,7 +4127,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3573,7 +4148,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3596,7 +4171,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3605,7 +4180,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3626,7 +4201,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3635,9 +4210,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3646,11 +4221,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3659,11 +4234,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3674,7 +4249,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3693,7 +4268,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3741,7 +4316,7 @@

                    Out-of-bounds Write

                    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3754,7 +4329,7 @@

                      Out-of-bounds Write

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                    @@ -3767,7 +4342,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3776,9 +4351,9 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3787,7 +4362,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3798,7 +4373,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3809,7 +4384,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3820,7 +4395,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3833,7 +4408,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3846,7 +4421,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3855,7 +4430,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3866,7 +4441,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3879,7 +4454,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3888,7 +4463,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3899,7 +4474,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3908,7 +4483,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3919,7 +4494,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3928,7 +4503,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3939,7 +4514,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3952,7 +4527,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3965,7 +4540,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3974,7 +4549,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3985,7 +4560,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3998,7 +4573,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4011,7 +4586,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4020,7 +4595,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4031,7 +4606,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4040,7 +4615,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4051,7 +4626,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4060,7 +4635,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4071,7 +4646,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4092,13 +4667,13 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 gnupg2.

                      References

                      @@ -4120,7 +4695,7 @@

                      Allocation of Resources Without Limits or Throttling

                    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -4133,7 +4708,7 @@

                      Allocation of Resources Without Limits or Throttling

                      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.8.13 and glibc/libc-bin@2.35-0ubuntu3.6
                    @@ -4146,18 +4721,18 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4176,10 +4751,10 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 glibc.

                      References

                      @@ -4201,7 +4776,7 @@

                      Improper Input Validation

                      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -4215,7 +4790,7 @@

                        Improper Input Validation

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.8.13, git@1:2.34.1-1ubuntu1.10 and others
                      @@ -4227,7 +4802,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 @@ -4238,7 +4813,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 @@ -4247,7 +4822,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git-lfs@3.0.2-1ubuntu0.2 @@ -4270,8 +4845,8 @@

                        Remediation

                        There is no fixed version for Ubuntu:22.04 git.

                        References

                        @@ -4294,7 +4869,7 @@

                        Uncontrolled Recursion

                        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -4307,7 +4882,7 @@

                          Uncontrolled Recursion

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                        @@ -4320,7 +4895,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4329,9 +4904,9 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4340,11 +4915,11 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4353,7 +4928,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4362,7 +4937,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4409,7 +4984,7 @@

                          Improper Input Validation

                          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -4422,7 +4997,7 @@

                            Improper Input Validation

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and coreutils@8.32-4.1ubuntu1.1
                          @@ -4435,9 +5010,9 @@

                          Detailed paths

    @@ -476,8 +476,8 @@

    Snyk test report

    - - + + @@ -485,6 +485,114 @@

    Snyk test report

    +
    +

    Out-of-bounds Write

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    CVE-2023-5363

    @@ -507,7 +615,7 @@

    CVE-2023-5363

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -520,97 +628,97 @@

    Detailed paths

    -

    Improper Check for Unusual or Exceptional Conditions

    +

    Improper Authentication

    @@ -699,7 +807,7 @@

    Improper Check for Unusual or Exceptional Conditions

    Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 @@ -712,97 +820,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -816,53 +924,45 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

      -

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

      -

      Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

      -

      An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      -

      Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Write

    +

    Inefficient Regular Expression Complexity

    @@ -883,7 +983,7 @@

    Out-of-bounds Write

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -896,97 +996,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1000,58 +1100,55 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

      -

      Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

      -

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      -

      The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

      -

      The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-0727

    +

    Excessive Iteration

    @@ -1072,7 +1169,7 @@

    CVE-2024-0727

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1085,97 +1182,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1189,49 +1286,59 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

      -

      Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

      -

      A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

      -

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

      -

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2023-6237

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - low severity +
    + medium severity
    @@ -1248,7 +1355,7 @@

    CVE-2023-6237

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1261,97 +1368,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1365,50 +1472,56 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

      -

      Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

      -

      When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

      -

      An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

      -

      The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-2511

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    @@ -1425,7 +1538,7 @@

    CVE-2024-2511

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1438,97 +1551,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1542,38 +1655,372 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

      -

      Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

      -

      This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

      -

      This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

      +
      + +
    +
    +

    CVE-2024-0727

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

    +

    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

    +

    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

    +

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

    +

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

    +

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-6237

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    + +
    + +
    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.8.18/redis_7.0.15-alpine.html b/docs/snyk/v2.8.18/redis_7.0.15-alpine.html deleted file mode 100644 index 5f9f1d3fd98ec..0000000000000 --- a/docs/snyk/v2.8.18/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:25:56 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.14/argocd-test.html b/docs/snyk/v2.9.14/argocd-test.html deleted file mode 100644 index 2019a17649901..0000000000000 --- a/docs/snyk/v2.9.14/argocd-test.html +++ /dev/null @@ -1,6049 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:23:06 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    15 known vulnerabilities
    -
    266 vulnerable dependency paths
    -
    1917 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/grpc -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    google.golang.org/grpc is a Go implementation of gRPC

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.24.17 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.17 - - k8s.io/client-go/tools/reference@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 - - k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f - - k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 - - k8s.io/api/storage/v1alpha1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    - - - - diff --git a/docs/snyk/v2.9.14/redis_7.0.15-alpine.html b/docs/snyk/v2.9.14/redis_7.0.15-alpine.html deleted file mode 100644 index 7eb5001b6c239..0000000000000 --- a/docs/snyk/v2.9.14/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:23:39 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.14/argocd-iac-install.html b/docs/snyk/v2.9.9/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.9.14/argocd-iac-install.html rename to docs/snyk/v2.9.9/argocd-iac-install.html index 3201c23eb7665..e25fc886459cb 100644 --- a/docs/snyk/v2.9.14/argocd-iac-install.html +++ b/docs/snyk/v2.9.9/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:24:52 am (UTC+00:00)

    +

    March 24th 2024, 12:19:27 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22194 + Line number: 22188
    • diff --git a/docs/snyk/v2.9.14/argocd-iac-namespace-install.html b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.9.14/argocd-iac-namespace-install.html rename to docs/snyk/v2.9.9/argocd-iac-namespace-install.html index 54300b5572051..5fd494538c87c 100644 --- a/docs/snyk/v2.9.14/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:02 am (UTC+00:00)

    +

    March 24th 2024, 12:19:35 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1849 + Line number: 1843
    • diff --git a/docs/snyk/v2.8.18/argocd-test.html b/docs/snyk/v2.9.9/argocd-test.html similarity index 51% rename from docs/snyk/v2.8.18/argocd-test.html rename to docs/snyk/v2.9.9/argocd-test.html index 3ba42bf8a64e0..c4894f56b168a 100644 --- a/docs/snyk/v2.8.18/argocd-test.html +++ b/docs/snyk/v2.9.9/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:21 am (UTC+00:00)

    +

    March 24th 2024, 12:17:43 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    237 vulnerable dependency paths
    -
    1856 dependencies
    +
    12 known vulnerabilities
    +
    133 vulnerable dependency paths
    +
    1917 dependencies

    @@ -478,7 +478,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -497,13 +497,13 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.2 and others
    • @@ -517,9 +517,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -528,9 +526,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/soheilhy/cmux@0.1.5 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -539,9 +537,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -552,193 +550,7 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - golang.org/x/net/http2@0.19.0 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -747,13 +559,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/health@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -762,13 +570,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -779,11 +583,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -794,11 +594,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -809,11 +605,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -824,11 +616,7 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -839,11 +627,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -854,101 +638,7 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -957,13 +647,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -972,13 +660,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -987,13 +673,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1002,15 +686,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1019,15 +699,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1036,15 +712,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1053,15 +725,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1070,1786 +740,64 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.58.3 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.58.3 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.2 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.24.2 - - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 - - k8s.io/apimachinery/pkg/api/equality@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#425d65e07695 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/tools/reference@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#425d65e07695 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.2 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • - - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -
      • -
    - -
    + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + google.golang.org/grpc@1.56.2 + + + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.56.2 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/grpc/health/grpc_health_v1@1.56.2 + + google.golang.org/grpc@1.56.2 + + -
      +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/coreos/go-oidc/v3/oidc@3.6.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - github.com/go-jose/go-jose/v3@3.0.0 + google.golang.org/grpc@1.56.2 @@ -2861,32 +809,32 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      google.golang.org/grpc is a Go implementation of gRPC

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

      +

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -3024,11 +972,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3043,11 +991,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3060,13 +1008,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3081,11 +1029,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3100,11 +1048,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3119,11 +1067,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3138,11 +1086,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3157,11 +1105,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3176,11 +1124,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3195,13 +1143,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3214,15 +1162,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3235,15 +1183,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3264,11 +1212,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3371,11 +1319,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3390,7 +1338,7 @@

    Detailed paths

    go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3403,11 +1351,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3418,13 +1366,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3437,11 +1385,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3454,11 +1402,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3471,11 +1419,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3488,11 +1436,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3505,11 +1453,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3522,11 +1470,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3537,11 +1485,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3549,6 +1497,23 @@

    Detailed paths

     + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + +
  • Introduced through: @@ -3556,13 +1521,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3573,15 +1538,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3592,15 +1557,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3613,11 +1578,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3630,13 +1595,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3651,11 +1616,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3670,11 +1635,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3689,11 +1654,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3708,11 +1673,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3727,11 +1692,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3746,11 +1711,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3765,13 +1730,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3784,15 +1749,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3805,15 +1770,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3834,11 +1799,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3857,11 +1822,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3961,11 +1926,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3980,7 +1945,7 @@

    Detailed paths

    go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3993,11 +1958,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4008,13 +1973,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4027,11 +1992,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4044,11 +2009,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4061,11 +2026,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4078,11 +2043,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4095,11 +2060,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4112,11 +2077,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4127,11 +2092,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4139,6 +2104,23 @@

    Detailed paths

     +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + +
  • Introduced through: @@ -4146,13 +2128,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4163,15 +2145,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4182,15 +2164,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4203,11 +2185,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4220,13 +2202,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4241,11 +2223,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4260,11 +2242,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4279,11 +2261,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4298,11 +2280,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4317,11 +2299,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4336,11 +2318,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4355,13 +2337,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4374,15 +2356,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4395,15 +2377,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4424,11 +2406,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4447,11 +2429,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4559,7 +2541,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4585,7 +2567,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4602,7 +2584,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4647,7 +2629,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4666,7 +2648,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4700,7 +2682,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4760,18 +2742,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4780,221 +2757,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -5167,7 +2929,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -5178,7 +2940,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5191,9 +2953,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5206,9 +2968,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5221,11 +2983,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5238,11 +3000,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5317,7 +3079,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -5328,7 +3090,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -5341,7 +3103,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5356,9 +3118,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5373,9 +3135,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5390,11 +3152,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5409,11 +3171,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5524,8 +3286,8 @@

    Improper Handling of Highly Compressed Data (Data Amplif
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others
    • @@ -5539,80 +3301,18 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.0 + github.com/go-jose/go-jose/v3@3.0.1 - - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - redoc@2.0.0-rc.64 + github.com/coreos/go-oidc/v3/oidc@3.6.0 - dompurify@2.3.6 + github.com/go-jose/go-jose/v3@3.0.1 @@ -5624,24 +3324,20 @@

      Detailed paths

      Overview

      -

      dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

      -

      Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

      -

      PoC

      - 
      <![CDATA[ ><img src onerror=alert(1)> ]]>
-
      +

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      Remediation

      -

      Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

      +

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html index 1ade62e22c1ae..ca1fb70c0e4b2 100644 --- a/docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:26 am (UTC+00:00)

    +

    March 24th 2024, 12:17:49 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies
    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html index 22f27bd619126..22d46e565dc6f 100644 --- a/docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:52 am (UTC+00:00)

    +

    March 24th 2024, 12:17:53 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html similarity index 89% rename from docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html rename to docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html index b708770d0969c..704d480d51ff7 100644 --- a/docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html +++ b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:25:52 am (UTC+00:00)

    +

    March 24th 2024, 12:18:09 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.8.18/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    36 known vulnerabilities
    -
    170 vulnerable dependency paths
    -
    2120 dependencies
    +
    179 vulnerable dependency paths
    +
    2189 dependencies
    @@ -480,86 +480,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Denial of Service (DoS)

    @@ -572,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -580,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2
    @@ -598,9 +518,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.8.0 + google.golang.org/grpc@v1.56.2 @@ -612,15 +532,14 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      google.golang.org/grpc is a Go implementation of gRPC

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      +

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      References

    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    Directory Traversal

    +
    +

    CVE-2020-22916

    -
    - high severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/cyphar/filepath-securejoin + xz-utils/liblzma5
    • Introduced through: - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -761,9 +599,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - github.com/cyphar/filepath-securejoin@v0.2.3 + xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -774,47 +612,33 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      -

      Note: - This vulnerability is only exploitable on Windows OS.

      -

      Details

      -

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      -

      Directory Traversal vulnerabilities can be generally divided into two types:

      -
        -
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
        • -
      -

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      -

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      - 
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
-
      -

      Note %2e is the URL encoded version of . (dot).

      -
        -
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
        • -
      -

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      -

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      - 
      2018-04-15 22:04:29 .....           19           19  good.txt
-        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
-
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

      Remediation

      -

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      +

      There is no fixed version for Ubuntu:22.04 xz-utils.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2020-22916

    +

    CVE-2023-51767

    @@ -825,7 +649,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -833,12 +657,12 @@

      CVE-2020-22916

    • Vulnerable module: - xz-utils/liblzma5 + openssh/openssh-client
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    @@ -851,9 +675,9 @@

    Detailed paths

    @@ -901,7 +725,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -914,7 +738,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and libgcrypt20@1.9.4-3ubuntu3
    @@ -927,7 +751,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libgcrypt20@1.9.4-3ubuntu3 @@ -936,7 +760,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -947,7 +771,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -958,11 +782,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -971,9 +795,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -984,7 +808,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -997,7 +821,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1010,7 +834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1023,7 +847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1036,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1049,7 +873,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1062,11 +886,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1092,7 +916,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1114,7 +937,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1127,7 +950,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1140,7 +963,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1149,7 +972,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1170,7 +993,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1193,7 +1016,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1202,7 +1025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1223,7 +1046,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1232,9 +1055,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1243,11 +1066,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1256,11 +1079,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1271,7 +1094,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1290,7 +1113,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1334,7 +1157,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1347,7 +1170,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1360,7 +1183,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1369,7 +1192,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1390,7 +1213,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1413,7 +1236,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1422,7 +1245,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1443,7 +1266,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1452,9 +1275,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1463,11 +1286,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1476,11 +1299,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1491,7 +1314,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1510,7 +1333,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1554,7 +1377,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1567,7 +1390,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1580,7 +1403,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1589,7 +1412,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1610,7 +1433,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1633,7 +1456,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1642,7 +1465,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1663,7 +1486,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1672,9 +1495,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1683,11 +1506,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1696,11 +1519,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1711,7 +1534,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1730,7 +1553,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1774,7 +1597,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1834,7 +1657,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1905,7 +1728,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1973,7 +1796,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2033,7 +1856,7 @@

                  References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Authentication Bypass by Capture-replay

    @@ -2044,7 +1867,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -2052,12 +1875,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + golang.org/x/crypto/ssh
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
    • @@ -2070,9 +1893,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.8.0 + golang.org/x/crypto/ssh@v0.16.0 @@ -2084,28 +1907,49 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      +

      golang.org/x/crypto/ssh is a SSH client and server

      +

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      Note:

      -

      This issue is related to CVE-2023-44487

      +
        +

      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        +
        2. +

      2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        +
        3. +
      +

      Impact:

      +

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      +

      Workaround

      +

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      +

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    Information Exposure

    @@ -2116,20 +1960,20 @@

    Authentication Bypass by Capture-replay

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/crypto/ssh + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -2142,9 +1986,74 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - golang.org/x/crypto/ssh@v0.16.0 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 @@ -2155,50 +2064,162 @@

      Detailed paths

      -

      Overview

      -

      golang.org/x/crypto/ssh is a SSH client and server

      -

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      -

      Note:

      -
        -

      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        -
        2. -

      2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        -
        3. -
      -

      Impact:

      -

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      -

      Workaround

      -

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

      Remediation

      -

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      +

      There is no fixed version for Ubuntu:22.04 gnutls28.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

      +
      + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    @@ -2214,7 +2235,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2274,7 +2295,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2334,7 +2355,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2394,7 +2415,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2454,7 +2475,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2514,7 +2535,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2574,7 +2595,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2587,7 +2608,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1

                @@ -2602,7 +2623,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.0 + github.com/go-jose/go-jose/v3@v3.0.1 @@ -2630,6 +2651,76 @@

                References

                More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-7008

    @@ -2643,7 +2734,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2656,7 +2747,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.9.9 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2669,7 +2760,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2678,9 +2769,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2689,7 +2780,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2700,9 +2791,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2711,9 +2802,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2722,11 +2813,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2735,7 +2826,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 systemd/libudev1@249.11-0ubuntu3.12 @@ -2744,7 +2835,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libfido2/libfido2-1@1.10.0-1 @@ -2755,9 +2846,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2766,11 +2857,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2798,7 +2889,6 @@

      References

    • https://github.com/systemd/systemd/issues/25676
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
      • -
    • https://access.redhat.com/errata/RHSA-2024:2463
    @@ -2820,7 +2910,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2833,7 +2923,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2846,7 +2936,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2855,7 +2945,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -2866,9 +2956,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2877,7 +2967,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 shadow/login@1:4.8.1-2ubuntu2.2 @@ -2924,7 +3014,7 @@

      Uncontrolled Recursion

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -2937,7 +3027,7 @@

        Uncontrolled Recursion

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      @@ -2950,7 +3040,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2959,7 +3049,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 grep@3.7-1build1 @@ -2982,15 +3072,15 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 pcre3.

        References

        @@ -3012,7 +3102,7 @@

        Release of Invalid Pointer or Reference

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -3025,7 +3115,7 @@

          Release of Invalid Pointer or Reference

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2
        @@ -3038,7 +3128,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 patch@2.7.6-7build2 @@ -3082,7 +3172,7 @@

          Double Free

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -3095,7 +3185,7 @@

            Double Free

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2
          @@ -3108,7 +3198,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 patch@2.7.6-7build2 @@ -3129,13 +3219,13 @@

            Remediation

            There is no fixed version for Ubuntu:22.04 patch.

            References

            @@ -3157,7 +3247,7 @@

            CVE-2023-50495

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -3170,7 +3260,7 @@

              CVE-2023-50495

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
            @@ -3183,7 +3273,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3192,9 +3282,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3203,7 +3293,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3214,9 +3304,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3225,7 +3315,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libedit/libedit2@3.1-20210910-1build1 @@ -3236,7 +3326,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3247,7 +3337,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3258,7 +3348,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3269,9 +3359,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3280,7 +3370,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3295,7 +3385,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3310,7 +3400,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3319,7 +3409,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3330,7 +3420,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3345,7 +3435,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3354,7 +3444,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3365,7 +3455,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3374,7 +3464,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3421,7 +3511,7 @@

              CVE-2023-45918

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -3434,7 +3524,7 @@

                CVE-2023-45918

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
              @@ -3447,7 +3537,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3456,9 +3546,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3467,7 +3557,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3478,9 +3568,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3489,7 +3579,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libedit/libedit2@3.1-20210910-1build1 @@ -3500,7 +3590,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3511,7 +3601,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3522,7 +3612,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3533,9 +3623,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3544,7 +3634,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3559,7 +3649,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3574,7 +3664,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3583,7 +3673,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3594,7 +3684,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3609,7 +3699,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3618,7 +3708,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3629,7 +3719,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3638,7 +3728,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3683,7 +3773,7 @@

                Resource Exhaustion

                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -3696,7 +3786,7 @@

                  Resource Exhaustion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and libzstd/libzstd1@1.4.8+dfsg-3build1
                @@ -3709,7 +3799,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3730,15 +3820,15 @@

                  Remediation

                  There is no fixed version for Ubuntu:22.04 libzstd.

                  References

                  @@ -3760,7 +3850,7 @@

                  Integer Overflow or Wraparound

                  • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3773,7 +3863,7 @@

                    Integer Overflow or Wraparound

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                  @@ -3786,7 +3876,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3795,7 +3885,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3816,7 +3906,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3839,7 +3929,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3848,7 +3938,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3869,7 +3959,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3878,9 +3968,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3889,11 +3979,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3902,11 +3992,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3917,7 +4007,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3936,7 +4026,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3984,7 +4074,7 @@

                    Out-of-bounds Write

                    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3997,7 +4087,7 @@

                      Out-of-bounds Write

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                    @@ -4010,7 +4100,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4019,9 +4109,9 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4030,7 +4120,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4041,7 +4131,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4052,7 +4142,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4063,7 +4153,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4076,7 +4166,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4089,7 +4179,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4098,7 +4188,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4109,7 +4199,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4122,7 +4212,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4131,7 +4221,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4142,7 +4232,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4151,7 +4241,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4162,7 +4252,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4171,7 +4261,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4182,7 +4272,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4195,7 +4285,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4208,7 +4298,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4217,7 +4307,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4228,7 +4318,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4241,7 +4331,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4254,7 +4344,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4263,7 +4353,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4274,7 +4364,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4283,7 +4373,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4294,7 +4384,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4303,7 +4393,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4314,7 +4404,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4335,13 +4425,13 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 gnupg2.

                      References

                      @@ -4363,7 +4453,7 @@

                      Allocation of Resources Without Limits or Throttling

                    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -4376,7 +4466,7 @@

                      Allocation of Resources Without Limits or Throttling

                      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.9.9 and glibc/libc-bin@2.35-0ubuntu3.6
                    @@ -4389,18 +4479,18 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4419,10 +4509,10 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 glibc.

                      References

                      @@ -4444,7 +4534,7 @@

                      Improper Input Validation

                      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -4458,7 +4548,7 @@

                        Improper Input Validation

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.9.9, git@1:2.34.1-1ubuntu1.10 and others
                      @@ -4470,7 +4560,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 @@ -4481,7 +4571,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 @@ -4490,7 +4580,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git-lfs@3.0.2-1ubuntu0.2 @@ -4513,8 +4603,8 @@

                        Remediation

                        There is no fixed version for Ubuntu:22.04 git.

                        References

                        @@ -4537,7 +4627,7 @@

                        Uncontrolled Recursion

                        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -4550,7 +4640,7 @@

                          Uncontrolled Recursion

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                        @@ -4563,7 +4653,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4572,9 +4662,9 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4583,11 +4673,11 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4596,7 +4686,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4605,7 +4695,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4652,7 +4742,7 @@

                          Improper Input Validation

                          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -4665,7 +4755,7 @@

                            Improper Input Validation

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and coreutils@8.32-4.1ubuntu1.1
                          @@ -4678,9 +4768,9 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1.1 @@ -4699,12 +4789,12 @@

                            Remediation

                            There is no fixed version for Ubuntu:22.04 coreutils.

                            References

                            diff --git a/docs/snyk/v2.9.9/redis_7.0.11-alpine.html b/docs/snyk/v2.9.9/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..55538b9b23982 --- /dev/null +++ b/docs/snyk/v2.9.9/redis_7.0.11-alpine.html @@ -0,0 +1,2032 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                            +
                            +
                            +
                            + + + Snyk - Open Source Security + + + + + + + +
                            +

                            Snyk test report

                            + +

                            March 24th 2024, 12:18:14 am (UTC+00:00)

                            +
                            +
                            + Scanned the following path: +
                              +
                            • redis:7.0.11-alpine (apk)
                              • +
                            +
                            + +
                            +
                            9 known vulnerabilities
                            +
                            77 vulnerable dependency paths
                            +
                            18 dependencies
                            +
                            +
                            +
                            +
                            +
                            + + + + + + + +
                            Project docker-image|redis
                            Path redis:7.0.11-alpine
                            Package Manager apk
                            +
                            +
                            +
                            +
                            +

                            Out-of-bounds Write

                            +
                            + +
                            + critical severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + busybox/busybox +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox-binsh@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2023-5363

                            +
                            + +
                            + high severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

                            +

                            Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

                            +

                            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

                            +

                            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

                            +

                            Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

                            +

                            Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

                            +

                            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Improper Authentication

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

                            +

                            Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

                            +

                            The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

                            +

                            As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Inefficient Regular Expression Complexity

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Checking excessively long DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

                            +

                            The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

                            +

                            However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

                            +

                            An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

                            +

                            The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

                            +

                            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Excessive Iteration

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Checking excessively long DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

                            +

                            The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

                            +

                            An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

                            +

                            The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

                            +

                            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Improper Check for Unusual or Exceptional Conditions

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

                            +

                            While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

                            +

                            Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

                            +

                            An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

                            +

                            DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

                            +

                            Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Out-of-bounds Write

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

                            +

                            Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

                            +

                            The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

                            +

                            The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

                            +

                            The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2024-0727

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

                            +

                            Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

                            +

                            A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

                            +

                            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

                            +

                            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

                            +

                            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2023-6237

                            +
                            + +
                            + low severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            This vulnerability has not been analyzed by NVD yet.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +
                            +
                            + + + diff --git a/docs/user-guide/commands/argocd_admin.md b/docs/user-guide/commands/argocd_admin.md index 4375c7f2e3cae..0aa338f1570e2 100644 --- a/docs/user-guide/commands/argocd_admin.md +++ b/docs/user-guide/commands/argocd_admin.md @@ -64,6 +64,7 @@ $ argocd admin initial-password reset * [argocd admin initial-password](argocd_admin_initial-password.md) - Prints initial password to log in to Argo CD for the first time * [argocd admin notifications](argocd_admin_notifications.md) - Set of CLI commands that helps manage notifications settings * [argocd admin proj](argocd_admin_proj.md) - Manage projects configuration +* [argocd admin redis-initial-password](argocd_admin_redis-initial-password.md) - Ensure the Redis password exists, creating a new one if necessary. * [argocd admin repo](argocd_admin_repo.md) - Manage repositories configuration * [argocd admin settings](argocd_admin_settings.md) - Provides set of commands for settings validation and troubleshooting diff --git a/docs/user-guide/commands/argocd_admin_redis-initial-password.md b/docs/user-guide/commands/argocd_admin_redis-initial-password.md new file mode 100644 index 0000000000000..85e56195758dd --- /dev/null +++ b/docs/user-guide/commands/argocd_admin_redis-initial-password.md @@ -0,0 +1,67 @@ +# `argocd admin redis-initial-password` Command Reference + +## argocd admin redis-initial-password + +Ensure the Redis password exists, creating a new one if necessary. + +``` +argocd admin redis-initial-password [flags] +``` + +### Options + +``` + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + -h, --help help for redis-initial-password + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server +``` + +### Options inherited from parent commands + +``` + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd admin](argocd_admin.md) - Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access + diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md index ffd09660696ac..2890fe64cbb0e 100644 --- a/docs/user-guide/diff-strategies.md +++ b/docs/user-guide/diff-strategies.md @@ -114,7 +114,7 @@ metadata: ... ``` -Note: This annotation is only effective when Server-Side Diff is +Note: This annoation is only effective when Server-Side Diff is enabled. To enable both options for a given application add the following annotation in the Argo CD Application resource: diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 95fe7f0ace3ac..2a69654b4aa1a 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -68,7 +68,7 @@ spec: The above configuration will ignore differences from all fields owned by `kube-controller-manager` for all resources belonging to this application. -If you have a slash `/` in your pointer path, you need to replace it with the `~1` character. For example: +If you have a slash `/` in your pointer path, you can use the `~1` character. For example: ```yaml spec: diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index 3b5a5de0dc262..c3b6aa0c6e8fa 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -72,22 +72,6 @@ source: - values-production.yaml ``` -If Helm is passed a non-existing value file during template expansion, it will error out. Missing -values files can be ignored (meaning, not passed to Helm) using the `--ignore-missing-value-files`. This can be -particularly helpful to implement a [default/override -pattern](https://github.com/argoproj/argo-cd/issues/7767#issue-1060611415) with [Application -Sets](./application-set.md). - -In the declarative syntax: -```yaml -source: - helm: - valueFiles: - - values-common.yaml - - values-optional-override.yaml - ignoreMissingValueFiles: true -``` - ## Values Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. @@ -217,28 +201,6 @@ the result will be param1=value5 The list of parameters seen in the ui is not what is used for resources, rather it is the values/valuesObject merged with parameters (see [this issue](https://github.com/argoproj/argo-cd/issues/9213) incase it has been resolved) As a workaround using parameters instead of values/valuesObject will provide a better overview of what will be used for resources -## Helm --set-file support - -The `--set-file` argument to helm can be used with the following syntax on -the cli: - -```bash -argocd app set helm-guestbook --helm-set-file some.key=path/to/file.ext -``` - -or using the fileParameters for yaml: - -```yaml -source: - helm: - fileParameters: - - name: some.key - value: path/to/file.ext -``` - -!!! warning "Reference in multiple sources not supported" - Please note that using a multiple sources application will not let you load the file by reference. See [argoproj/argo-cd#13220](https://github.com/argoproj/argo-cd/issues/13220) - ## Helm Release Name By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD, diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index d8f5330667973..1aa876fb74224 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -212,7 +212,7 @@ argocd app set --kustomize-version v3.5.4 ## Build Environment -Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config management plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. +Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. You can use these build environment variables in your Argo CD Application manifests. You can enable this by setting `.spec.source.kustomize.commonAnnotationsEnvsubst` to `true` in your Application manifest. diff --git a/docs/user-guide/status-badge.md b/docs/user-guide/status-badge.md index a933a751d2550..3363227997309 100644 --- a/docs/user-guide/status-badge.md +++ b/docs/user-guide/status-badge.md @@ -14,45 +14,7 @@ The URLs for status image are available on application details page: for the status image URL in markdown, html, etc are available . 4. Copy the text and paste it into your README or website. -## Additional query parameters options -### showAppName -Display the application name in the status badge. +The application name may optionally be displayed in the status badge by adding the `?showAppName=true` query parameter. -Available values: `true/false` - -Default value: `false` - -Example: `&showAppName=true` - -### revision -Display revision targeted by the application. - -It will also extend the badge width to 192px. - -Available values: `true/false` - -Default value: `false` - -Example: `&revision=true` -### keepFullRevision -By default, displayed revision is truncated to 7 characters. - -This parameter allows to display it fully if it exceeds that length. - -It will also extend the badge width to 400px. - -Available values: `true/false` - -Default value: `false` - -Example: `&keepFullRevision=true` -### width -Change width of the badge. - -Completely replace current calculated width. - -Available values: `integer` - -Default value: `nil` - -Example: `&width=500` \ No newline at end of file +For example, `${argoCdBaseUrl}/api/badge?name=${appName}&showAppName=true`. +To remove the application name from the badge, remove the query parameter from the URL or set it to `false`. \ No newline at end of file diff --git a/docs/user-guide/sync-kubectl.md b/docs/user-guide/sync-kubectl.md index 53700afed4f67..100ec2cdf70b1 100644 --- a/docs/user-guide/sync-kubectl.md +++ b/docs/user-guide/sync-kubectl.md @@ -38,7 +38,7 @@ operation: username: sync: syncStrategy: - hook: {} + hook: {} ``` ```bash diff --git a/go.mod b/go.mod index 486451df114b0..ef33baa591249 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 toolchain go1.21.0 require ( - code.gitea.io/sdk/gitea v0.18.0 + code.gitea.io/sdk/gitea v0.15.1 github.com/Azure/kubelogin v0.0.20 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible github.com/Masterminds/semver/v3 v3.2.1 @@ -78,15 +78,15 @@ require ( github.com/valyala/fasttemplate v1.2.2 github.com/xanzy/go-gitlab v0.91.1 github.com/yuin/gopher-lua v1.1.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 go.opentelemetry.io/otel v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 go.opentelemetry.io/otel/sdk v1.21.0 - golang.org/x/crypto v0.22.0 + golang.org/x/crypto v0.19.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.11.0 golang.org/x/sync v0.3.0 - golang.org/x/term v0.19.0 + golang.org/x/term v0.17.0 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc v1.59.0 google.golang.org/protobuf v1.33.0 @@ -129,8 +129,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/aws/smithy-go v1.19.0 // indirect - github.com/davidmz/go-pageant v1.0.2 // indirect - github.com/go-fed/httpsig v1.1.0 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/s2a-go v0.1.4 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect @@ -210,7 +208,7 @@ require ( github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect @@ -269,8 +267,8 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.23.0 - golang.org/x/sys v0.19.0 // indirect + golang.org/x/net v0.19.0 + golang.org/x/sys v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 golang.org/x/tools v0.13.0 // indirect @@ -302,6 +300,9 @@ replace ( github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 + // Avoid CVE-2023-46402 + github.com/whilp/git-urls => github.com/chainguard-dev/git-urls v1.0.2 + // Avoid CVE-2022-3064 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index c8b733a32fd79..4517cdc08744e 100644 --- a/go.sum +++ b/go.sum @@ -597,8 +597,9 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= -code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= +code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= +code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -833,8 +834,6 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= -github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= @@ -923,8 +922,6 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= -github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= @@ -1256,8 +1253,8 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -1749,8 +1746,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= @@ -1802,7 +1799,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -1818,9 +1814,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1966,8 +1961,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2139,9 +2134,8 @@ golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2156,9 +2150,8 @@ golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2236,6 +2229,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= diff --git a/hack/gen-crd-spec/main.go b/hack/gen-crd-spec/main.go index 283752f8e881c..e7dcd658ef26a 100644 --- a/hack/gen-crd-spec/main.go +++ b/hack/gen-crd-spec/main.go @@ -2,7 +2,6 @@ package main import ( "encoding/json" - "errors" "fmt" "os" "os/exec" @@ -28,6 +27,7 @@ func getCustomResourceDefinitions() map[string]*extensionsobj.CustomResourceDefi crdYamlBytes, err := exec.Command( "controller-gen", "paths=./pkg/apis/application/...", + "crd:trivialVersions=true", "crd:crdVersions=v1", "output:crd:stdout", ).Output() @@ -117,10 +117,6 @@ func removeDescription(v interface{}) { func checkErr(err error) { if err != nil { - var execError *exec.ExitError - if errors.As(err, &execError) { - fmt.Println(string(execError.Stderr)) - } panic(err) } } diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..a17a4f14d364d --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 helm-v3.14.4-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..0eaa6ab9a823b --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c helm-v3.14.4-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..de8a7a596ea6a --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 helm-v3.14.4-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..f10ab40830331 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 helm-v3.14.4-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..7a84560c18fe4 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5 helm-v3.14.4-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..869e43aecfebf --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936 helm-v3.14.4-linux-s390x.tar.gz diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh index 373d6977d127a..6c9775ff46274 100755 --- a/hack/installers/install-codegen-go-tools.sh +++ b/hack/installers/install-codegen-go-tools.sh @@ -45,7 +45,7 @@ go_mod_install k8s.io/code-generator/cmd/lister-gen go_mod_install k8s.io/kube-openapi/cmd/openapi-gen # controller-gen is run by ./hack/gen-crd-spec to generate the CRDs -go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 +go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1 # swagger cli is used to generate swagger docs go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 diff --git a/hack/snyk-report.sh b/hack/snyk-report.sh index 8147c3bba3bc4..074f218289c43 100755 --- a/hack/snyk-report.sh +++ b/hack/snyk-report.sh @@ -37,8 +37,8 @@ git clone https://github.com/argoproj/argo-cd.git cd argo-cd git checkout master -minor_version=$(git tag -l | sort -V | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') -patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) +minor_version=$(git tag -l | sort -g | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') +patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" versions="master " @@ -54,7 +54,7 @@ for i in $(seq "$version_count"); do minor_num=$(printf '%s' "$minor_version" | sed -E 's/[0-9]+\.//') minor_num=$((minor_num-1)) minor_version=$(printf '%s' "$minor_version" | sed -E "s/\.[0-9]+$/.$minor_num/g") - patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) + patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" done diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index e87dc54590afd..a49285c88000d 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.14.3 +helm3_version=3.14.4 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize5_version=5.2.1 diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 68dd75de2f47f..815e4123d05e3 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -20,6 +20,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index 7b6302a09c449..2219f5f9b4731 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -21,6 +21,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index e80274cddc620..ef54af86025e7 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 resources: - ./application-controller - ./dex diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index bcbe729ac6d00..a2951694ed7d7 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -15,6 +15,23 @@ spec: labels: app.kubernetes.io/name: argocd-redis spec: + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -23,13 +40,20 @@ spec: serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: Always args: - "--save" - "" - "--appendonly" - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis ports: - containerPort: 6379 securityContext: diff --git a/manifests/base/redis/argocd-redis-network-policy.yaml b/manifests/base/redis/argocd-redis-network-policy.yaml index 837b3e0424502..1454874742240 100644 --- a/manifests/base/redis/argocd-redis-network-policy.yaml +++ b/manifests/base/redis/argocd-redis-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -23,9 +22,3 @@ spec: ports: - protocol: TCP port: 6379 - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP diff --git a/manifests/base/redis/argocd-redis-role.yaml b/manifests/base/redis/argocd-redis-role.yaml new file mode 100644 index 0000000000000..a7a33f48a4c11 --- /dev/null +++ b/manifests/base/redis/argocd-redis-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/base/redis/argocd-redis-rolebinding.yaml b/manifests/base/redis/argocd-redis-rolebinding.yaml new file mode 100644 index 0000000000000..f396914dffdca --- /dev/null +++ b/manifests/base/redis/argocd-redis-rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: + - kind: ServiceAccount + name: argocd-redis \ No newline at end of file diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml index 4a0b64c4da6a8..f13b17e134234 100644 --- a/manifests/base/redis/kustomization.yaml +++ b/manifests/base/redis/kustomization.yaml @@ -6,3 +6,5 @@ resources: - argocd-redis-sa.yaml - argocd-redis-service.yaml - argocd-redis-network-policy.yaml +- argocd-redis-role.yaml +- argocd-redis-rolebinding.yaml diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 051e66027ec11..971b7a21c2151 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -24,6 +24,11 @@ spec: args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -198,12 +203,6 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 0ebeb70e08531..1107323b2e3b9 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -23,6 +23,11 @@ spec: args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 946afb8a8ac3c..555d6a82acc68 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20851,6 +20816,30 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -20903,6 +20892,22 @@ subjects: name: argocd-applicationset-controller --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -21219,7 +21224,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21314,7 +21319,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -21325,6 +21337,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -21369,6 +21398,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -21543,19 +21577,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -21607,7 +21635,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -21692,6 +21720,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -21874,7 +21907,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -21956,12 +21989,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -21981,7 +22008,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/core-install/kustomization.yaml b/manifests/core-install/kustomization.yaml index 07a82b3707700..f0ac65d0f7dfb 100644 --- a/manifests/core-install/kustomization.yaml +++ b/manifests/core-install/kustomization.yaml @@ -12,4 +12,4 @@ resources: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 6b67f460587e5..aaf1347f64dfb 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -34,19 +34,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -144,21 +139,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -479,18 +475,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -818,10 +814,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -840,10 +837,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -851,10 +848,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -875,9 +872,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -906,9 +903,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -935,17 +933,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1264,10 +1263,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1596,10 +1595,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2092,10 +2091,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2437,10 +2437,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2452,9 +2453,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2567,21 +2568,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2924,18 +2926,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3286,10 +3289,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3310,10 +3314,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3321,10 +3326,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3368,9 +3374,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3755,10 +3761,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4109,10 +4116,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4139,9 +4147,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4224,9 +4231,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4255,9 +4263,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4603,10 +4612,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4957,10 +4967,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index b0ea7bb05d9c0..2668052f431a0 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -61,7 +61,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -658,7 +657,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -2421,7 +2419,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3018,7 +3015,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -6884,7 +6880,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -7481,7 +7476,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8078,7 +8072,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11944,7 +11937,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14645,7 +14637,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15332,37 +15323,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 2ebe3c2f4e325..989b3004892f6 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -20,28 +20,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -52,9 +46,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -69,9 +63,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -98,9 +92,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -113,9 +107,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -130,9 +124,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string diff --git a/manifests/ha/base/kustomization.yaml b/manifests/ha/base/kustomization.yaml index ae40b96e8657e..64db612f4fc75 100644 --- a/manifests/ha/base/kustomization.yaml +++ b/manifests/ha/base/kustomization.yaml @@ -12,7 +12,7 @@ patches: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 resources: - ../../base/application-controller - ../../base/applicationset-controller diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml index 7732c0debdae4..89c9302e9430a 100644 --- a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml +++ b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -25,18 +24,4 @@ spec: protocol: TCP - port: 26379 protocol: TCP - egress: - - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP + diff --git a/manifests/ha/base/redis-ha/chart/requirements.lock b/manifests/ha/base/redis-ha/chart/requirements.lock index 9e5e9273942da..25a568b2620d4 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.lock +++ b/manifests/ha/base/redis-ha/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts - version: 4.22.3 -digest: sha256:ae773caf65b172bdd2216072c03ba76ef3c0383dbd1e2478934a67b9455f6a2e -generated: "2022-11-02T16:57:25.047025473-07:00" + version: 4.26.6 +digest: sha256:c363f48ea8339c4bdb7c8a2cca62aa487b69d0a52a6fe6267fbbbbc07e468abd +generated: "2024-04-10T11:02:32.957812-07:00" diff --git a/manifests/ha/base/redis-ha/chart/requirements.yaml b/manifests/ha/base/redis-ha/chart/requirements.yaml index bdcde75a60727..618eecda6ddcc 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.yaml +++ b/manifests/ha/base/redis-ha/chart/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: redis-ha - version: 4.22.3 + version: 4.26.6 repository: https://dandydeveloper.github.io/charts diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index e78ed94856d91..c486cc286315d 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -9,8 +9,10 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha +secrets: +- name: argocd-redis --- # Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml apiVersion: v1 @@ -21,7 +23,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha --- # Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml @@ -33,7 +35,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis.conf: | @@ -50,6 +52,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" @@ -59,6 +63,7 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth init.sh: | echo "$(date) Start..." @@ -82,7 +87,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -191,9 +196,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -226,7 +231,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -345,7 +350,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -454,9 +459,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -489,7 +494,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -554,9 +559,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -564,9 +569,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -576,9 +581,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -591,6 +596,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -674,6 +680,8 @@ data: mode tcp option tcp-check tcp-check connect + tcp-check send "AUTH ${AUTH}"\r\n + tcp-check expect string +OK tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send info\ replication\r\n @@ -730,6 +738,7 @@ data: get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -766,12 +775,13 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -784,6 +794,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -816,7 +827,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 rules: - apiGroups: - "" @@ -835,7 +846,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy rules: - apiGroups: @@ -855,7 +866,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 subjects: - kind: ServiceAccount name: argocd-redis-ha @@ -874,7 +885,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy subjects: - kind: ServiceAccount @@ -894,9 +905,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -924,9 +934,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -954,9 +963,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -984,7 +992,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: spec: type: ClusterIP @@ -1012,7 +1020,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy annotations: spec: @@ -1040,7 +1048,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 spec: strategy: type: RollingUpdate @@ -1056,12 +1064,11 @@ spec: labels: app: redis-ha-haproxy release: argocd - revision: "1" annotations: prometheus.io/port: "9101" prometheus.io/scrape: "true" prometheus.io/path: "/metrics" - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 spec: # Needed when using unmodified rbac-setup.yml @@ -1081,7 +1088,6 @@ spec: matchLabels: app: redis-ha-haproxy release: argocd - revision: "1" topologyKey: kubernetes.io/hostname initContainers: - name: config-init @@ -1119,6 +1125,12 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: httpGet: path: /healthz @@ -1167,7 +1179,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: {} spec: @@ -1183,7 +1195,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: release: argocd app: redis-ha @@ -1207,7 +1219,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1231,6 +1243,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth volumeMounts: - name: config mountPath: /readonly-config @@ -1241,12 +1258,12 @@ spec: containers: - name: redis - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - - redis-server + - redis-server args: - - /data/conf/redis.conf + - /data/conf/redis.conf securityContext: allowPrivilegeEscalation: false capabilities: @@ -1256,6 +1273,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1298,7 +1321,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1313,6 +1336,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1349,7 +1378,7 @@ spec: {} - name: split-brain-fix - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - sh @@ -1371,6 +1400,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth resources: {} volumeMounts: diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index c15def91ece21..47a8c43b8c001 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -1,4 +1,7 @@ redis-ha: + auth: true + authKey: auth + existingSecret: argocd-redis persistentVolume: enabled: false redis: @@ -11,6 +14,7 @@ redis-ha: IPv6: enabled: false image: + repository: haproxy tag: 2.6.14-alpine containerSecurityContext: null timeout: @@ -20,7 +24,8 @@ redis-ha: metrics: enabled: true image: - tag: 7.0.15-alpine + repository: redis + tag: 7.0.14-alpine containerSecurityContext: null sentinel: bind: "0.0.0.0" diff --git a/manifests/ha/base/redis-ha/kustomization.yaml b/manifests/ha/base/redis-ha/kustomization.yaml index bf0c6c3dff255..0da9beb9930e8 100644 --- a/manifests/ha/base/redis-ha/kustomization.yaml +++ b/manifests/ha/base/redis-ha/kustomization.yaml @@ -20,7 +20,7 @@ patches: kind: ConfigMap name: argocd-redis-ha-configmap namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: version: v1 group: "" @@ -34,28 +34,28 @@ patches: kind: ServiceAccount name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: RoleBinding name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 @@ -294,3 +294,15 @@ patches: kind: StatefulSet name: argocd-redis-ha-server path: overlays/statefulset-containers-securityContext.yaml +- target: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: argocd-redis-ha-haproxy + path: overlays/haproxy-role.yaml +- target: + group: apps + version: v1 + kind: Deployment + name: argocd-redis-ha-haproxy + path: overlays/deployment-initContainers.yaml \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml new file mode 100644 index 0000000000000..8e6ea2754a9fa --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml @@ -0,0 +1,16 @@ +- op: add + path: /spec/template/spec/initContainers/0 + value: + name: secret-init + command: [ 'argocd', 'admin', 'redis-initial-password' ] + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml new file mode 100644 index 0000000000000..b74a48006a977 --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml @@ -0,0 +1,20 @@ +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index c1d60412b387a..4a26535d43212 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20745,6 +20710,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -20975,6 +20942,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -21419,7 +21400,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21528,9 +21509,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21563,7 +21544,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -21628,9 +21609,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -21638,9 +21619,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -21650,9 +21631,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -21665,6 +21646,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -21707,9 +21689,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -21772,7 +21755,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21881,9 +21864,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21916,7 +21899,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -22024,6 +22007,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -22032,10 +22017,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -22075,6 +22062,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22087,6 +22075,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22275,8 +22264,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22301,8 +22288,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22327,8 +22312,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22582,7 +22565,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -22705,7 +22688,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -22787,7 +22770,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -22845,7 +22828,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -22861,7 +22844,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -22896,6 +22885,22 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: @@ -22968,6 +22973,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -23142,19 +23152,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -23206,7 +23210,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -23291,6 +23295,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -23525,7 +23534,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -23637,6 +23646,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -23819,7 +23833,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -23879,7 +23893,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -23896,7 +23910,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -23950,7 +23970,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -24003,7 +24029,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -24033,7 +24064,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -24156,21 +24192,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -24192,7 +24213,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index a32b5d005a544..7654b66082b0a 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -43,6 +43,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -273,6 +275,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -505,7 +521,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -614,9 +630,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -649,7 +665,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -714,9 +730,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -724,9 +740,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -736,9 +752,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -751,6 +767,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -793,9 +810,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -858,7 +876,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -967,9 +985,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -1002,7 +1020,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -1110,6 +1128,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -1118,10 +1138,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -1161,6 +1183,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1173,6 +1196,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1361,8 +1385,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1387,8 +1409,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1413,8 +1433,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1668,7 +1686,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -1791,7 +1809,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -1873,7 +1891,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1931,7 +1949,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -1947,7 +1965,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -1982,6 +2006,22 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: @@ -2054,6 +2094,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -2228,19 +2273,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -2292,7 +2331,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -2377,6 +2416,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -2611,7 +2655,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -2723,6 +2767,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -2905,7 +2954,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -2965,7 +3014,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -2982,7 +3031,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -3036,7 +3091,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -3089,7 +3150,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -3119,7 +3185,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -3242,21 +3313,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -3278,7 +3334,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/install.yaml b/manifests/install.yaml index 6f107373ad140..644aafa5de525 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20943,6 +20908,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -21212,6 +21201,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -21677,7 +21682,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21800,7 +21805,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -21882,7 +21887,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -21959,7 +21964,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -21970,6 +21982,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -22014,6 +22043,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -22188,19 +22222,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -22252,7 +22280,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -22335,6 +22363,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -22569,7 +22602,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -22681,6 +22714,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -22863,7 +22901,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -22992,12 +23030,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -23017,7 +23049,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index c2acc80e6cd4e..49c8c34a280aa 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -241,6 +241,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -349,6 +373,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -763,7 +803,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -886,7 +926,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -968,7 +1008,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1045,7 +1085,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -1056,6 +1103,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -1100,6 +1164,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -1274,19 +1343,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -1338,7 +1401,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -1421,6 +1484,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -1655,7 +1723,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -1767,6 +1835,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -1949,7 +2022,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -2078,12 +2151,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -2103,7 +2170,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 9b22530c45e74..83e841dd99bea 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -62,11 +62,13 @@ const ( EnvArgoCDServer = "ARGOCD_SERVER" // EnvArgoCDAuthToken is the environment variable to look for an Argo CD auth token EnvArgoCDAuthToken = "ARGOCD_AUTH_TOKEN" + // EnvArgoCDgRPCMaxSizeMB is the environment variable to look for a max gRPC message size + EnvArgoCDgRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) var ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = env.ParseNumFromEnv(EnvArgoCDgRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 ) // Client defines an interface for interaction with an Argo CD server. diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index 68db654fe9c4e..8f717d1f6920f 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -322,69 +322,12 @@ func (m *ApplicationSetDeleteRequest) GetAppsetNamespace() string { return "" } -type ApplicationSetTreeQuery struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The application set namespace. Default empty is argocd control plane namespace - AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ApplicationSetTreeQuery) Reset() { *m = ApplicationSetTreeQuery{} } -func (m *ApplicationSetTreeQuery) String() string { return proto.CompactTextString(m) } -func (*ApplicationSetTreeQuery) ProtoMessage() {} -func (*ApplicationSetTreeQuery) Descriptor() ([]byte, []int) { - return fileDescriptor_eacb9df0ce5738fa, []int{5} -} -func (m *ApplicationSetTreeQuery) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTreeQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ApplicationSetTreeQuery.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ApplicationSetTreeQuery) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTreeQuery.Merge(m, src) -} -func (m *ApplicationSetTreeQuery) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTreeQuery) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTreeQuery.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTreeQuery proto.InternalMessageInfo - -func (m *ApplicationSetTreeQuery) GetName() string { - if m != nil { - return m.Name - } - return "" -} - -func (m *ApplicationSetTreeQuery) GetAppsetNamespace() string { - if m != nil { - return m.AppsetNamespace - } - return "" -} - func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") proto.RegisterType((*ApplicationSetResponse)(nil), "applicationset.ApplicationSetResponse") proto.RegisterType((*ApplicationSetCreateRequest)(nil), "applicationset.ApplicationSetCreateRequest") proto.RegisterType((*ApplicationSetDeleteRequest)(nil), "applicationset.ApplicationSetDeleteRequest") - proto.RegisterType((*ApplicationSetTreeQuery)(nil), "applicationset.ApplicationSetTreeQuery") } func init() { @@ -392,43 +335,40 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 573 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0x4f, 0x8b, 0x13, 0x3f, - 0x18, 0xc7, 0xc9, 0x76, 0xe9, 0x6f, 0x37, 0x3f, 0x51, 0x08, 0xb8, 0x5b, 0x47, 0xa9, 0x65, 0x0e, - 0x6b, 0x5d, 0xdd, 0x84, 0x56, 0x4f, 0x7a, 0xf2, 0x0f, 0x2c, 0x42, 0x11, 0x9d, 0x15, 0x05, 0x3d, - 0x48, 0x76, 0xfa, 0x30, 0x3b, 0xee, 0x74, 0x12, 0x93, 0x74, 0x40, 0x16, 0x2f, 0x82, 0xaf, 0xc0, - 0x77, 0xa0, 0x17, 0xc1, 0xab, 0x77, 0xaf, 0x1e, 0x05, 0xdf, 0x80, 0x54, 0x5f, 0x88, 0x4c, 0x66, - 0xda, 0xee, 0x84, 0x6e, 0x2b, 0x58, 0x6f, 0x79, 0xf2, 0xe7, 0x79, 0x3e, 0x79, 0x9e, 0xef, 0x93, - 0xe0, 0x6d, 0x0d, 0x2a, 0x03, 0xc5, 0xb8, 0x94, 0x49, 0x1c, 0x72, 0x13, 0x8b, 0x54, 0x83, 0x71, - 0x4c, 0x2a, 0x95, 0x30, 0x82, 0x9c, 0xae, 0xce, 0x7a, 0x17, 0x22, 0x21, 0xa2, 0x04, 0x18, 0x97, - 0x31, 0xe3, 0x69, 0x2a, 0x4c, 0xb1, 0x52, 0xec, 0xf6, 0x7a, 0x51, 0x6c, 0x0e, 0x86, 0xfb, 0x34, - 0x14, 0x03, 0xc6, 0x55, 0x24, 0xa4, 0x12, 0x2f, 0xec, 0x60, 0x27, 0xec, 0xb3, 0xac, 0xcb, 0xe4, - 0x61, 0x94, 0x9f, 0xd4, 0xc7, 0x63, 0xb1, 0xac, 0xc3, 0x13, 0x79, 0xc0, 0x3b, 0x2c, 0x82, 0x14, - 0x14, 0x37, 0xd0, 0x2f, 0xbc, 0xf9, 0x8f, 0xf1, 0xc6, 0xad, 0xe9, 0xbe, 0x3d, 0x30, 0xbb, 0x60, - 0x1e, 0x0e, 0x41, 0xbd, 0x22, 0x04, 0xaf, 0xa6, 0x7c, 0x00, 0x0d, 0xd4, 0x42, 0xed, 0xf5, 0xc0, - 0x8e, 0x49, 0x1b, 0x9f, 0xe1, 0x52, 0x6a, 0x30, 0xf7, 0xf9, 0x00, 0xb4, 0xe4, 0x21, 0x34, 0x56, - 0xec, 0xb2, 0x3b, 0xed, 0x1f, 0xe1, 0xcd, 0xaa, 0xdf, 0x5e, 0xac, 0x4b, 0xc7, 0x1e, 0x5e, 0xcb, - 0x99, 0x21, 0x34, 0xba, 0x81, 0x5a, 0xb5, 0xf6, 0x7a, 0x30, 0xb1, 0xf3, 0x35, 0x0d, 0x09, 0x84, - 0x46, 0xa8, 0xd2, 0xf3, 0xc4, 0x9e, 0x15, 0xbc, 0x36, 0x3b, 0xf8, 0x47, 0xe4, 0xde, 0x2a, 0x00, - 0x2d, 0xf3, 0xe4, 0x92, 0x06, 0xfe, 0xaf, 0x0c, 0x56, 0x5e, 0x6c, 0x6c, 0x12, 0x83, 0x9d, 0x3a, - 0x58, 0x80, 0xff, 0xbb, 0x3d, 0x3a, 0x4d, 0x38, 0x1d, 0x27, 0xdc, 0x0e, 0x9e, 0x87, 0x7d, 0x9a, - 0x75, 0xa9, 0x3c, 0x8c, 0x68, 0x9e, 0x70, 0x7a, 0xec, 0x38, 0x1d, 0x27, 0x9c, 0x3a, 0x1c, 0x4e, - 0x0c, 0xff, 0x13, 0xc2, 0xe7, 0xab, 0x5b, 0xee, 0x28, 0xe0, 0x06, 0x02, 0x78, 0x39, 0x04, 0x3d, - 0x8b, 0x0a, 0xfd, 0x7b, 0x2a, 0xb2, 0x81, 0xeb, 0x43, 0xa9, 0x41, 0x15, 0x39, 0x58, 0x0b, 0x4a, - 0xcb, 0x7f, 0xe6, 0xc2, 0xde, 0x85, 0x04, 0xa6, 0xb0, 0x7f, 0x27, 0x99, 0x27, 0xae, 0x64, 0x1e, - 0x29, 0x80, 0x25, 0x68, 0xb1, 0xfb, 0xb3, 0x8e, 0xcf, 0x56, 0x3d, 0xef, 0x81, 0xca, 0xe2, 0x10, - 0xc8, 0x07, 0x84, 0x6b, 0xbb, 0x60, 0xc8, 0x16, 0x75, 0x1a, 0x73, 0x76, 0x4f, 0x78, 0x4b, 0xcd, - 0xba, 0xbf, 0xf5, 0xe6, 0xfb, 0xaf, 0x77, 0x2b, 0x2d, 0xd2, 0xb4, 0x9d, 0x9e, 0x75, 0x9c, 0xd7, - 0x41, 0xb3, 0xa3, 0xfc, 0xa2, 0xaf, 0xc9, 0x7b, 0x84, 0x57, 0xf3, 0xf6, 0x21, 0x97, 0xe6, 0x63, - 0x4e, 0x5a, 0xcc, 0x7b, 0xb0, 0x4c, 0xce, 0xdc, 0xad, 0x7f, 0xd1, 0xb2, 0x9e, 0x23, 0x9b, 0x27, - 0xb0, 0x92, 0xcf, 0x08, 0xd7, 0x0b, 0xe9, 0x92, 0x2b, 0xf3, 0x31, 0x2b, 0x02, 0x5f, 0x72, 0x4a, - 0x99, 0xc5, 0xbc, 0xec, 0x9f, 0x84, 0x79, 0xc3, 0x55, 0xfa, 0x5b, 0x84, 0xeb, 0x85, 0x88, 0x17, - 0x61, 0x57, 0xa4, 0xee, 0x2d, 0x50, 0xcc, 0xf8, 0xbd, 0x19, 0xd7, 0x78, 0x7b, 0x51, 0x8d, 0xbf, - 0x20, 0x7c, 0x2a, 0x00, 0x2d, 0x86, 0x2a, 0x84, 0x5c, 0xf7, 0x8b, 0x6a, 0x3d, 0xe9, 0x8d, 0xe5, - 0xd6, 0x3a, 0x77, 0xeb, 0x5f, 0xb7, 0xcc, 0x94, 0x5c, 0x9d, 0xcf, 0xcc, 0x54, 0xc9, 0xbb, 0x63, - 0x14, 0xc0, 0xed, 0x7b, 0x5f, 0x47, 0x4d, 0xf4, 0x6d, 0xd4, 0x44, 0x3f, 0x46, 0x4d, 0xf4, 0xf4, - 0xe6, 0x9f, 0xfd, 0x52, 0x61, 0x12, 0x43, 0xea, 0x7e, 0x8b, 0xfb, 0x75, 0xfb, 0x37, 0x5d, 0xfb, - 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfa, 0x8f, 0x0f, 0xad, 0x45, 0x07, 0x00, 0x00, + // 526 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xdf, 0x8a, 0x13, 0x31, + 0x14, 0xc6, 0xc9, 0x76, 0xad, 0xbb, 0x11, 0x14, 0x02, 0xee, 0xd6, 0x51, 0x6a, 0x99, 0x8b, 0xb5, + 0xae, 0x98, 0xd0, 0x7a, 0xa7, 0x57, 0xfe, 0x81, 0x45, 0x28, 0xa2, 0xb3, 0xe0, 0x85, 0x5e, 0x48, + 0x76, 0x7a, 0x98, 0x1d, 0x77, 0x3a, 0x89, 0x49, 0x3a, 0x20, 0x8b, 0x37, 0x82, 0x4f, 0xe0, 0x13, + 0xa8, 0x37, 0x82, 0xb7, 0x3e, 0x84, 0x97, 0x82, 0x2f, 0x20, 0xc5, 0x07, 0x91, 0xc9, 0xcc, 0xb4, + 0x3b, 0xa1, 0xdb, 0x0a, 0x76, 0xef, 0x72, 0x26, 0x99, 0x73, 0x7e, 0xf9, 0xf2, 0x9d, 0x83, 0x77, + 0x35, 0xa8, 0x0c, 0x14, 0xe3, 0x52, 0x26, 0x71, 0xc8, 0x4d, 0x2c, 0x52, 0x0d, 0xc6, 0x09, 0xa9, + 0x54, 0xc2, 0x08, 0x72, 0xb1, 0xfe, 0xd5, 0xbb, 0x16, 0x09, 0x11, 0x25, 0xc0, 0xb8, 0x8c, 0x19, + 0x4f, 0x53, 0x61, 0x8a, 0x9d, 0xe2, 0xb4, 0x37, 0x88, 0x62, 0x73, 0x38, 0x3e, 0xa0, 0xa1, 0x18, + 0x31, 0xae, 0x22, 0x21, 0x95, 0x78, 0x6d, 0x17, 0xb7, 0xc3, 0x21, 0xcb, 0xfa, 0x4c, 0x1e, 0x45, + 0xf9, 0x9f, 0xfa, 0x64, 0x2d, 0x96, 0xf5, 0x78, 0x22, 0x0f, 0x79, 0x8f, 0x45, 0x90, 0x82, 0xe2, + 0x06, 0x86, 0x45, 0x36, 0xff, 0x39, 0xde, 0xba, 0x3f, 0x3b, 0xb7, 0x0f, 0x66, 0x0f, 0xcc, 0xb3, + 0x31, 0xa8, 0xb7, 0x84, 0xe0, 0xf5, 0x94, 0x8f, 0xa0, 0x85, 0x3a, 0xa8, 0xbb, 0x19, 0xd8, 0x35, + 0xe9, 0xe2, 0x4b, 0x5c, 0x4a, 0x0d, 0xe6, 0x09, 0x1f, 0x81, 0x96, 0x3c, 0x84, 0xd6, 0x9a, 0xdd, + 0x76, 0x3f, 0xfb, 0xc7, 0x78, 0xbb, 0x9e, 0x77, 0x10, 0xeb, 0x32, 0xb1, 0x87, 0x37, 0x72, 0x66, + 0x08, 0x8d, 0x6e, 0xa1, 0x4e, 0xa3, 0xbb, 0x19, 0x4c, 0xe3, 0x7c, 0x4f, 0x43, 0x02, 0xa1, 0x11, + 0xaa, 0xcc, 0x3c, 0x8d, 0xe7, 0x15, 0x6f, 0xcc, 0x2f, 0xfe, 0x15, 0xb9, 0xb7, 0x0a, 0x40, 0xcb, + 0x5c, 0x5c, 0xd2, 0xc2, 0xe7, 0xcb, 0x62, 0xe5, 0xc5, 0xaa, 0x90, 0x18, 0xec, 0xbc, 0x83, 0x05, + 0xb8, 0xd0, 0x1f, 0xd0, 0x99, 0xe0, 0xb4, 0x12, 0xdc, 0x2e, 0x5e, 0x85, 0x43, 0x9a, 0xf5, 0xa9, + 0x3c, 0x8a, 0x68, 0x2e, 0x38, 0x3d, 0xf1, 0x3b, 0xad, 0x04, 0xa7, 0x0e, 0x87, 0x53, 0xc3, 0xff, + 0x86, 0xf0, 0xd5, 0xfa, 0x91, 0x87, 0x0a, 0xb8, 0x81, 0x00, 0xde, 0x8c, 0x41, 0xcf, 0xa3, 0x42, + 0x67, 0x4f, 0x45, 0xb6, 0x70, 0x73, 0x2c, 0x35, 0xa8, 0x42, 0x83, 0x8d, 0xa0, 0x8c, 0xfc, 0x97, + 0x2e, 0xec, 0x23, 0x48, 0x60, 0x06, 0xfb, 0x5f, 0x96, 0xe9, 0x7f, 0x3a, 0x87, 0x2f, 0xd7, 0xb3, + 0xef, 0x83, 0xca, 0xe2, 0x10, 0xc8, 0x17, 0x84, 0x1b, 0x7b, 0x60, 0xc8, 0x0e, 0x75, 0xfa, 0x67, + 0xbe, 0x75, 0xbd, 0x95, 0x8a, 0xe3, 0xef, 0xbc, 0xff, 0xf5, 0xe7, 0xe3, 0x5a, 0x87, 0xb4, 0x6d, + 0x43, 0x66, 0x3d, 0xa7, 0x89, 0x35, 0x3b, 0xce, 0x2f, 0xfa, 0x8e, 0x7c, 0x46, 0x78, 0x3d, 0x77, + 0x39, 0xb9, 0xb1, 0x18, 0x73, 0xda, 0x09, 0xde, 0xd3, 0x55, 0x72, 0xe6, 0x69, 0xfd, 0xeb, 0x96, + 0xf5, 0x0a, 0xd9, 0x3e, 0x85, 0x95, 0x7c, 0x47, 0xb8, 0x59, 0x38, 0x8c, 0xdc, 0x5a, 0x8c, 0x59, + 0xf3, 0xe1, 0x8a, 0x25, 0x65, 0x16, 0xf3, 0xa6, 0x7f, 0x1a, 0xe6, 0x5d, 0xd7, 0x90, 0x1f, 0x10, + 0x6e, 0x16, 0x5e, 0x5b, 0x86, 0x5d, 0x73, 0xa4, 0xb7, 0xc4, 0x31, 0xd5, 0x58, 0xa8, 0xde, 0x78, + 0x77, 0xc9, 0x1b, 0x3f, 0x78, 0xfc, 0x63, 0xd2, 0x46, 0x3f, 0x27, 0x6d, 0xf4, 0x7b, 0xd2, 0x46, + 0x2f, 0xee, 0xfd, 0xdb, 0x28, 0x0e, 0x93, 0x18, 0x52, 0x77, 0xf6, 0x1f, 0x34, 0xed, 0x00, 0xbe, + 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff, 0x96, 0x3f, 0x16, 0xa7, 0x2a, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -451,8 +391,6 @@ type ApplicationSetServiceClient interface { Create(ctx context.Context, in *ApplicationSetCreateRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(ctx context.Context, in *ApplicationSetDeleteRequest, opts ...grpc.CallOption) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) } type applicationSetServiceClient struct { @@ -499,15 +437,6 @@ func (c *applicationSetServiceClient) Delete(ctx context.Context, in *Applicatio return out, nil } -func (c *applicationSetServiceClient) ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) { - out := new(v1alpha1.ApplicationSetTree) - err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/ResourceTree", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - // ApplicationSetServiceServer is the server API for ApplicationSetService service. type ApplicationSetServiceServer interface { // Get returns an applicationset by name @@ -518,8 +447,6 @@ type ApplicationSetServiceServer interface { Create(context.Context, *ApplicationSetCreateRequest) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(context.Context, *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(context.Context, *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) } // UnimplementedApplicationSetServiceServer can be embedded to have forward compatible implementations. @@ -538,9 +465,6 @@ func (*UnimplementedApplicationSetServiceServer) Create(ctx context.Context, req func (*UnimplementedApplicationSetServiceServer) Delete(ctx context.Context, req *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") } -func (*UnimplementedApplicationSetServiceServer) ResourceTree(ctx context.Context, req *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResourceTree not implemented") -} func RegisterApplicationSetServiceServer(s *grpc.Server, srv ApplicationSetServiceServer) { s.RegisterService(&_ApplicationSetService_serviceDesc, srv) @@ -618,24 +542,6 @@ func _ApplicationSetService_Delete_Handler(srv interface{}, ctx context.Context, return interceptor(ctx, in, info, handler) } -func _ApplicationSetService_ResourceTree_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ApplicationSetTreeQuery) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/applicationset.ApplicationSetService/ResourceTree", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, req.(*ApplicationSetTreeQuery)) - } - return interceptor(ctx, in, info, handler) -} - var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ ServiceName: "applicationset.ApplicationSetService", HandlerType: (*ApplicationSetServiceServer)(nil), @@ -656,10 +562,6 @@ var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ MethodName: "Delete", Handler: _ApplicationSetService_Delete_Handler, }, - { - MethodName: "ResourceTree", - Handler: _ApplicationSetService_ResourceTree_Handler, - }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/applicationset/applicationset.proto", @@ -892,47 +794,6 @@ func (m *ApplicationSetDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, er return len(dAtA) - i, nil } -func (m *ApplicationSetTreeQuery) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTreeQuery) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTreeQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.AppsetNamespace) > 0 { - i -= len(m.AppsetNamespace) - copy(dAtA[i:], m.AppsetNamespace) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) - i-- - dAtA[i] = 0x12 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - func encodeVarintApplicationset(dAtA []byte, offset int, v uint64) int { offset -= sovApplicationset(v) base := offset @@ -1049,26 +910,6 @@ func (m *ApplicationSetDeleteRequest) Size() (n int) { return n } -func (m *ApplicationSetTreeQuery) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Name) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - l = len(m.AppsetNamespace) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func sovApplicationset(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1678,121 +1519,6 @@ func (m *ApplicationSetDeleteRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTreeQuery) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipApplicationset(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthApplicationset - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func skipApplicationset(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index daad3043c52ca..5e4c73f7add3b 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -265,78 +265,6 @@ func local_request_ApplicationSetService_Delete_0(ctx context.Context, marshaler } -var ( - filter_ApplicationSetService_ResourceTree_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} -) - -func request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.ResourceTree(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationSetServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := server.ResourceTree(ctx, &protoReq) - return msg, metadata, err - -} - // RegisterApplicationSetServiceHandlerServer registers the http handlers for service ApplicationSetService to "mux". // UnaryRPC :call ApplicationSetServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -435,29 +363,6 @@ func RegisterApplicationSetServiceHandlerServer(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - var stream runtime.ServerTransportStream - ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, server, req, pathParams) - md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -579,26 +484,6 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -610,8 +495,6 @@ var ( pattern_ApplicationSetService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_ApplicationSetService_ResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applicationsets", "name", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( @@ -622,6 +505,4 @@ var ( forward_ApplicationSetService_Create_0 = runtime.ForwardResponseMessage forward_ApplicationSetService_Delete_0 = runtime.ForwardResponseMessage - - forward_ApplicationSetService_ResourceTree_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 847a3efaf8daa..5630d8d4bceb2 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -18,9 +18,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Resources API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTree,Nodes API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,FileParameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,Parameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,ValueFiles diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 0715f9c02e96d..389f421fed400 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -759,8 +759,6 @@ type ApplicationSetStatus struct { // Important: Run "make" to regenerate code after modifying this file Conditions []ApplicationSetCondition `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"` ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"` - // Resources is a list of Applications resources managed by this application set. - Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,3,opt,name=resources"` } // ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning @@ -846,21 +844,6 @@ type ApplicationSetList struct { Items []ApplicationSet `json:"items" protobuf:"bytes,2,rep,name=items"` } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -type ApplicationSetTree struct { - // Nodes contains list of nodes which are directly managed by the applicationset - Nodes []ResourceNode `json:"nodes,omitempty" protobuf:"bytes,1,rep,name=nodes"` -} - -// Normalize sorts applicationset tree nodes. The persistent order allows to -// effectively compare previously cached app tree and allows to unnecessary Redis requests. -func (t *ApplicationSetTree) Normalize() { - sort.Slice(t.Nodes, func(i, j int) bool { - return t.Nodes[i].FullName() < t.Nodes[j].FullName() - }) -} - // func init() { // SchemeBuilder.Register(&ApplicationSet{}, &ApplicationSetList{}) // } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 24d8e7c920ed2..aed1ef619b350 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -797,38 +797,10 @@ func (m *ApplicationSetTerminalGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo -func (m *ApplicationSetTree) Reset() { *m = ApplicationSetTree{} } -func (*ApplicationSetTree) ProtoMessage() {} -func (*ApplicationSetTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} -} -func (m *ApplicationSetTree) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTree) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *ApplicationSetTree) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTree.Merge(m, src) -} -func (m *ApplicationSetTree) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTree) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTree.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTree proto.InternalMessageInfo - func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{27} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -856,7 +828,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -884,7 +856,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -912,7 +884,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -940,7 +912,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,7 +940,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -996,7 +968,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1024,7 +996,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1052,7 +1024,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1080,7 +1052,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1108,7 +1080,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1136,7 +1108,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1164,7 +1136,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1192,7 +1164,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1220,7 +1192,7 @@ var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } func (*BearerTokenBitbucketCloud) ProtoMessage() {} func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1248,7 +1220,7 @@ var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1276,7 +1248,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1304,7 +1276,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1332,7 +1304,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1332,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1388,7 +1360,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1388,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1444,7 +1416,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1472,7 +1444,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1500,7 +1472,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1528,7 +1500,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1556,7 +1528,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1584,7 +1556,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1612,7 +1584,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1640,7 +1612,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1640,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1668,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1696,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1724,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1752,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1780,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1808,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1836,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1864,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +1892,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +1920,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +1948,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +1976,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2004,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2032,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2088,7 +2060,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2088,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2116,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2144,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2172,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2200,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2228,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2256,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2284,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2312,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2340,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2368,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2396,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2424,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2452,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2480,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2508,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2536,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2564,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2592,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2620,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2648,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2676,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2704,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2732,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2760,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2788,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2816,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2844,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2872,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +2900,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +2928,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +2956,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +2984,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3012,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3040,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3068,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3096,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3124,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3152,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3180,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3208,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3236,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3264,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3292,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3320,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3348,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3376,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3404,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3432,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3460,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3488,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3516,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3544,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3572,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3600,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3628,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3656,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3684,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3712,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3740,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3768,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3796,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3824,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3852,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +3936,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +3964,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +3992,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4020,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4076,7 +4048,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4076,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4104,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4132,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4160,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{147} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4188,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{148} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4216,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{149} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4244,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4300,7 +4272,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{152} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4356,7 +4328,6 @@ func init() { proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.AnnotationsEntry") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.LabelsEntry") proto.RegisterType((*ApplicationSetTerminalGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTerminalGenerator") - proto.RegisterType((*ApplicationSetTree)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree") proto.RegisterType((*ApplicationSource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource") proto.RegisterType((*ApplicationSourceDirectory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceDirectory") proto.RegisterType((*ApplicationSourceHelm)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceHelm") @@ -4506,700 +4477,698 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11073 bytes of a gzipped FileDescriptorProto + // 11054 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0x5d, 0xdf, 0x1d, 0x09, 0x9e, 0x48, 0xe2, 0x3c, 0xb4, 0x29, 0x2a, 0x22, 0x01, 0xf3, 0x44, 0xca, 0x8c, 0x68, 0x4b, 0xc6, 0x02, 0x77, 0x38, 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x28, 0x53, 0xd4, 0x60, 0xb7, 0xb1, 0x98, 0xc3, 0xec, - 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0x92, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, + 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0xb2, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, 0x4c, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xae, 0x44, 0x15, 0x27, 0xf9, 0x11, 0x27, 0x4e, 0xca, - 0x65, 0x3b, 0x95, 0x52, 0xe2, 0xa4, 0xec, 0x72, 0xb9, 0x2c, 0x27, 0xb1, 0x11, 0xe9, 0x52, 0xa9, - 0xa4, 0x52, 0x15, 0x57, 0x39, 0xf1, 0x8f, 0xe4, 0x92, 0x1f, 0xa9, 0xfe, 0xee, 0x99, 0x9d, 0x05, - 0x16, 0xc0, 0xe0, 0xee, 0xa4, 0xf0, 0xdf, 0x6e, 0xbf, 0x37, 0xef, 0xf5, 0xf4, 0x74, 0xbf, 0xf7, - 0xfa, 0xf5, 0x7b, 0xaf, 0x61, 0xa1, 0xe5, 0x26, 0x1b, 0x9d, 0xb5, 0xc9, 0x46, 0xd0, 0x9e, 0x72, - 0xa2, 0x56, 0x10, 0x46, 0xc1, 0x2d, 0xf6, 0xe3, 0x99, 0x46, 0x73, 0x6a, 0xeb, 0xc2, 0x54, 0xb8, - 0xd9, 0x9a, 0x72, 0x42, 0x37, 0x9e, 0x72, 0xc2, 0xd0, 0x73, 0x1b, 0x4e, 0xe2, 0x06, 0xfe, 0xd4, - 0xd6, 0xb3, 0x8e, 0x17, 0x6e, 0x38, 0xcf, 0x4e, 0xb5, 0x88, 0x4f, 0x22, 0x27, 0x21, 0xcd, 0xc9, - 0x30, 0x0a, 0x92, 0x00, 0xfd, 0xa8, 0xa6, 0x36, 0x29, 0xa9, 0xb1, 0x1f, 0xaf, 0x36, 0x9a, 0x93, - 0x5b, 0x17, 0x26, 0xc3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3d, - 0x63, 0xf4, 0xa5, 0x15, 0xb4, 0x82, 0x29, 0x46, 0x74, 0xad, 0xb3, 0xce, 0xfe, 0xb1, 0x3f, 0xec, - 0x17, 0x67, 0x76, 0xce, 0xde, 0x7c, 0x21, 0x9e, 0x74, 0x03, 0xda, 0xbd, 0xa9, 0x46, 0x10, 0x91, - 0xa9, 0xad, 0xae, 0x0e, 0x9d, 0xbb, 0xac, 0x71, 0xc8, 0x76, 0x42, 0xfc, 0xd8, 0x0d, 0xfc, 0xf8, - 0x19, 0xda, 0x05, 0x12, 0x6d, 0x91, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0x73, 0x9a, 0x52, - 0xdb, 0x69, 0x6c, 0xb8, 0x3e, 0x89, 0x76, 0xf4, 0xe3, 0x6d, 0x92, 0x38, 0x79, 0x4f, 0x4d, 0xf5, - 0x7a, 0x2a, 0xea, 0xf8, 0x89, 0xdb, 0x26, 0x5d, 0x0f, 0xbc, 0x67, 0xbf, 0x07, 0xe2, 0xc6, 0x06, - 0x69, 0x3b, 0x5d, 0xcf, 0xbd, 0xbb, 0xd7, 0x73, 0x9d, 0xc4, 0xf5, 0xa6, 0x5c, 0x3f, 0x89, 0x93, - 0x28, 0xfb, 0x90, 0xfd, 0x0b, 0x16, 0x8c, 0x4e, 0xdf, 0x5c, 0x99, 0xee, 0x24, 0x1b, 0x33, 0x81, - 0xbf, 0xee, 0xb6, 0xd0, 0xf3, 0x30, 0xdc, 0xf0, 0x3a, 0x71, 0x42, 0xa2, 0x6b, 0x4e, 0x9b, 0x8c, - 0x5b, 0xe7, 0xad, 0xa7, 0x6a, 0xf5, 0xd3, 0xdf, 0xda, 0x9d, 0x78, 0xdb, 0x9d, 0xdd, 0x89, 0xe1, - 0x19, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x27, 0x0c, 0x45, 0x81, 0x47, 0xa6, 0xf1, 0xb5, 0xf1, 0x12, - 0x7b, 0xe4, 0x84, 0x78, 0x64, 0x08, 0xf3, 0x66, 0x2c, 0xe1, 0x14, 0x35, 0x8c, 0x82, 0x75, 0xd7, - 0x23, 0xe3, 0xe5, 0x34, 0xea, 0x32, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x61, 0x09, 0x60, 0x3a, 0x0c, - 0x97, 0xa3, 0xe0, 0x16, 0x69, 0x24, 0xe8, 0x23, 0x50, 0xa5, 0xc3, 0xdc, 0x74, 0x12, 0x87, 0x75, - 0x6c, 0xf8, 0xc2, 0x0f, 0x4f, 0xf2, 0xb7, 0x9e, 0x34, 0xdf, 0x5a, 0x4f, 0x32, 0x8a, 0x3d, 0xb9, - 0xf5, 0xec, 0xe4, 0xd2, 0x1a, 0x7d, 0x7e, 0x91, 0x24, 0x4e, 0x1d, 0x09, 0x66, 0xa0, 0xdb, 0xb0, - 0xa2, 0x8a, 0x7c, 0x18, 0x88, 0x43, 0xd2, 0x60, 0xef, 0x30, 0x7c, 0x61, 0x61, 0xf2, 0x28, 0xb3, - 0x79, 0x52, 0xf7, 0x7c, 0x25, 0x24, 0x8d, 0xfa, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07, - 0x6d, 0xc1, 0x60, 0x9c, 0x38, 0x49, 0x27, 0x66, 0x43, 0x31, 0x7c, 0xe1, 0x5a, 0x61, 0x1c, 0x19, - 0xd5, 0xfa, 0x98, 0xe0, 0x39, 0xc8, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x13, 0x0b, 0xc6, 0x34, 0xf2, - 0x82, 0x1b, 0x27, 0xe8, 0x27, 0xba, 0x06, 0x77, 0xb2, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, - 0x29, 0x98, 0x55, 0x65, 0x8b, 0x31, 0xb0, 0x6d, 0xa8, 0xb8, 0x09, 0x69, 0xc7, 0xe3, 0xa5, 0xf3, - 0xe5, 0xa7, 0x86, 0x2f, 0x5c, 0x2e, 0xea, 0x3d, 0xeb, 0xa3, 0x82, 0x69, 0x65, 0x9e, 0x92, 0xc7, - 0x9c, 0x8b, 0xfd, 0x2b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0xcf, 0xc2, 0x70, 0x1c, 0x74, 0xa2, - 0x06, 0xc1, 0x24, 0x0c, 0xe2, 0x71, 0xeb, 0x7c, 0x99, 0x4e, 0x3d, 0x3a, 0xa9, 0x57, 0x74, 0x33, - 0x36, 0x71, 0xd0, 0x17, 0x2d, 0x18, 0x69, 0x92, 0x38, 0x71, 0x7d, 0xc6, 0x5f, 0x76, 0x7e, 0xf5, - 0xc8, 0x9d, 0x97, 0x8d, 0xb3, 0x9a, 0x78, 0xfd, 0x8c, 0x78, 0x91, 0x11, 0xa3, 0x31, 0xc6, 0x29, - 0xfe, 0x74, 0x71, 0x36, 0x49, 0xdc, 0x88, 0xdc, 0x90, 0xfe, 0x17, 0xcb, 0x47, 0x2d, 0xce, 0x59, - 0x0d, 0xc2, 0x26, 0x1e, 0xf2, 0xa1, 0x42, 0x17, 0x5f, 0x3c, 0x3e, 0xc0, 0xfa, 0x3f, 0x7f, 0xb4, - 0xfe, 0x8b, 0x41, 0xa5, 0xeb, 0x5a, 0x8f, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xc1, 0x82, - 0x71, 0x21, 0x1c, 0x30, 0xe1, 0x03, 0x7a, 0x73, 0xc3, 0x4d, 0x88, 0xe7, 0xc6, 0xc9, 0x78, 0x85, - 0xf5, 0x61, 0xaa, 0xbf, 0xb9, 0x35, 0x17, 0x05, 0x9d, 0xf0, 0xaa, 0xeb, 0x37, 0xeb, 0xe7, 0x05, - 0xa7, 0xf1, 0x99, 0x1e, 0x84, 0x71, 0x4f, 0x96, 0xe8, 0x2b, 0x16, 0x9c, 0xf3, 0x9d, 0x36, 0x89, - 0x43, 0x87, 0x7e, 0x5a, 0x0e, 0xae, 0x7b, 0x4e, 0x63, 0x93, 0xf5, 0x68, 0xf0, 0x70, 0x3d, 0xb2, - 0x45, 0x8f, 0xce, 0x5d, 0xeb, 0x49, 0x1a, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0x53, 0x41, 0x14, - 0x6e, 0x38, 0x3e, 0x69, 0x4a, 0x68, 0x3c, 0x3e, 0xc4, 0x96, 0xde, 0x87, 0x8f, 0xf6, 0x89, 0x96, - 0xb2, 0x64, 0x17, 0x03, 0xdf, 0x4d, 0x82, 0x68, 0x85, 0x24, 0x89, 0xeb, 0xb7, 0xe2, 0xfa, 0xd9, - 0x3b, 0xbb, 0x13, 0xa7, 0xba, 0xb0, 0x70, 0x77, 0x7f, 0xd0, 0x4f, 0xc2, 0x70, 0xbc, 0xe3, 0x37, - 0x6e, 0xba, 0x7e, 0x33, 0xb8, 0x1d, 0x8f, 0x57, 0x8b, 0x58, 0xbe, 0x2b, 0x8a, 0xa0, 0x58, 0x80, - 0x9a, 0x01, 0x36, 0xb9, 0xe5, 0x7f, 0x38, 0x3d, 0x95, 0x6a, 0x45, 0x7f, 0x38, 0x3d, 0x99, 0xf6, - 0x60, 0x8b, 0x7e, 0xd6, 0x82, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0xc8, 0x55, 0xb2, 0x13, - 0x8f, 0x03, 0xeb, 0xc8, 0x95, 0x23, 0x8e, 0x8a, 0x41, 0xb2, 0x7e, 0x56, 0xf4, 0x71, 0xd4, 0x6c, - 0x8d, 0x71, 0x9a, 0x6f, 0xde, 0x42, 0xd3, 0xd3, 0x7a, 0xb8, 0xd8, 0x85, 0xa6, 0x27, 0x75, 0x4f, - 0x96, 0xe8, 0xc7, 0xe1, 0x24, 0x6f, 0x52, 0x23, 0x1b, 0x8f, 0x8f, 0x30, 0x41, 0x7b, 0xe6, 0xce, - 0xee, 0xc4, 0xc9, 0x95, 0x0c, 0x0c, 0x77, 0x61, 0xa3, 0xd7, 0x60, 0x22, 0x24, 0x51, 0xdb, 0x4d, - 0x96, 0x7c, 0x6f, 0x47, 0x8a, 0xef, 0x46, 0x10, 0x92, 0xa6, 0xe8, 0x4e, 0x3c, 0x3e, 0x7a, 0xde, - 0x7a, 0xaa, 0x5a, 0x7f, 0x87, 0xe8, 0xe6, 0xc4, 0xf2, 0xde, 0xe8, 0x78, 0x3f, 0x7a, 0xf6, 0xbf, - 0x2a, 0xc1, 0xc9, 0xac, 0xe2, 0x44, 0x7f, 0xdb, 0x82, 0x13, 0xb7, 0x6e, 0x27, 0xab, 0xc1, 0x26, - 0xf1, 0xe3, 0xfa, 0x0e, 0x15, 0x6f, 0x4c, 0x65, 0x0c, 0x5f, 0x68, 0x14, 0xab, 0xa2, 0x27, 0xaf, - 0xa4, 0xb9, 0x5c, 0xf4, 0x93, 0x68, 0xa7, 0xfe, 0xb0, 0x78, 0xbb, 0x13, 0x57, 0x6e, 0xae, 0x9a, - 0x50, 0x9c, 0xed, 0xd4, 0xb9, 0xcf, 0x59, 0x70, 0x26, 0x8f, 0x04, 0x3a, 0x09, 0xe5, 0x4d, 0xb2, - 0xc3, 0x0d, 0x38, 0x4c, 0x7f, 0xa2, 0x57, 0xa0, 0xb2, 0xe5, 0x78, 0x1d, 0x22, 0xac, 0x9b, 0xb9, - 0xa3, 0xbd, 0x88, 0xea, 0x19, 0xe6, 0x54, 0xdf, 0x5b, 0x7a, 0xc1, 0xb2, 0x7f, 0xb7, 0x0c, 0xc3, - 0x86, 0x7e, 0xbb, 0x07, 0x16, 0x5b, 0x90, 0xb2, 0xd8, 0x16, 0x0b, 0x53, 0xcd, 0x3d, 0x4d, 0xb6, - 0xdb, 0x19, 0x93, 0x6d, 0xa9, 0x38, 0x96, 0x7b, 0xda, 0x6c, 0x28, 0x81, 0x5a, 0x10, 0x52, 0xeb, - 0x9d, 0xaa, 0xfe, 0x81, 0x22, 0x3e, 0xe1, 0x92, 0x24, 0x57, 0x1f, 0xbd, 0xb3, 0x3b, 0x51, 0x53, - 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdb, 0x82, 0x33, 0x46, 0x1f, 0x67, 0x02, 0xbf, 0xe9, 0xb2, 0x4f, - 0x7b, 0x1e, 0x06, 0x92, 0x9d, 0x50, 0xee, 0x10, 0xd4, 0x48, 0xad, 0xee, 0x84, 0x04, 0x33, 0x08, - 0x35, 0xf4, 0xdb, 0x24, 0x8e, 0x9d, 0x16, 0xc9, 0xee, 0x09, 0x16, 0x79, 0x33, 0x96, 0x70, 0x14, - 0x01, 0xf2, 0x9c, 0x38, 0x59, 0x8d, 0x1c, 0x3f, 0x66, 0xe4, 0x57, 0xdd, 0x36, 0x11, 0x03, 0xfc, - 0x17, 0xfa, 0x9b, 0x31, 0xf4, 0x89, 0xfa, 0x43, 0x77, 0x76, 0x27, 0xd0, 0x42, 0x17, 0x25, 0x9c, - 0x43, 0xdd, 0xfe, 0x8a, 0x05, 0x0f, 0xe5, 0xdb, 0x62, 0xe8, 0x49, 0x18, 0xe4, 0xdb, 0x43, 0xf1, - 0x76, 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x0a, 0x6a, 0x4a, 0x4f, 0x88, 0x77, 0x3c, 0x25, - 0x50, 0x6b, 0x5a, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xb0, 0xdc, 0xd4, 0xa0, 0xb1, 0xfd, - 0x14, 0x83, 0xd8, 0xff, 0xd1, 0x82, 0x13, 0x46, 0xaf, 0xee, 0x81, 0x69, 0xee, 0xa7, 0x4d, 0xf3, - 0xf9, 0xc2, 0xe6, 0x73, 0x0f, 0xdb, 0xfc, 0x0b, 0x16, 0x9c, 0x33, 0xb0, 0x16, 0x9d, 0xa4, 0xb1, - 0x71, 0x71, 0x3b, 0x8c, 0x48, 0x4c, 0xb7, 0xde, 0xe8, 0x31, 0x43, 0x6e, 0xd5, 0x87, 0x05, 0x85, - 0xf2, 0x55, 0xb2, 0xc3, 0x85, 0xd8, 0xd3, 0x50, 0xe5, 0x93, 0x33, 0x88, 0xc4, 0x88, 0xab, 0x77, - 0x5b, 0x12, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0xaa, 0x21, 0xa0, - 0x1f, 0xf1, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0x2c, 0x47, 0x84, 0x7d, 0xdc, 0xe6, - 0x25, 0x97, 0x78, 0xcd, 0x98, 0x6e, 0x1b, 0x1c, 0xdf, 0x0f, 0x12, 0xb1, 0x03, 0x30, 0xb6, 0x0d, - 0xd3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xe7, 0xac, 0x11, 0x8f, 0x8f, 0xa8, 0x60, 0xba, 0xc0, - 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x83, 0xa2, 0x96, 0x3e, 0xb9, 0x17, 0xbb, 0xdb, 0x28, - 0x25, 0x2b, 0x97, 0x8b, 0x13, 0x5c, 0xa4, 0xf7, 0x0e, 0xf7, 0xf5, 0x8c, 0xb8, 0xc4, 0x85, 0x72, - 0xdd, 0x7b, 0x97, 0xfb, 0x9b, 0x25, 0x98, 0x48, 0x3f, 0xd0, 0x25, 0x6d, 0xe9, 0x96, 0xca, 0x60, - 0x94, 0xf5, 0x77, 0x18, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0xb0, 0x4a, 0xc7, 0x29, 0xb0, 0x4c, 0x79, - 0x5a, 0xde, 0x47, 0x9e, 0x3e, 0xa9, 0x46, 0x7d, 0x20, 0x23, 0xc0, 0xd2, 0x3a, 0xe5, 0x3c, 0x0c, - 0xc4, 0x09, 0x09, 0xc7, 0x2b, 0x69, 0x79, 0xb4, 0x92, 0x90, 0x10, 0x33, 0x88, 0xfd, 0xdf, 0x4a, - 0xf0, 0x70, 0x7a, 0x0c, 0xb5, 0x0a, 0x78, 0x7f, 0x4a, 0x05, 0xbc, 0xcb, 0x54, 0x01, 0x77, 0x77, - 0x27, 0xde, 0xde, 0xe3, 0xb1, 0xef, 0x19, 0x0d, 0x81, 0xe6, 0x32, 0xa3, 0x38, 0x95, 0x1e, 0xc5, - 0xbb, 0xbb, 0x13, 0x8f, 0xf5, 0x78, 0xc7, 0xcc, 0x30, 0x3f, 0x09, 0x83, 0x11, 0x71, 0xe2, 0xc0, - 0x17, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0xdf, 0xaf, 0x65, 0x07, 0x7b, 0x8e, - 0x3b, 0xec, 0x82, 0x08, 0xb9, 0x30, 0xc0, 0xcc, 0x7a, 0x2e, 0x1a, 0xae, 0x1e, 0x6d, 0x19, 0x51, - 0x35, 0xa0, 0x48, 0xd7, 0xab, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x6d, 0xa8, 0x36, 0xa4, - 0xb5, 0x5d, 0x2a, 0xc2, 0x2f, 0x25, 0x6c, 0x6d, 0xcd, 0x71, 0x84, 0xca, 0x6b, 0x65, 0xa2, 0x2b, - 0x6e, 0x88, 0x40, 0xb9, 0xe5, 0x26, 0xe2, 0xb3, 0x1e, 0x71, 0x3f, 0x35, 0xe7, 0x1a, 0xaf, 0x38, - 0x44, 0x95, 0xc8, 0x9c, 0x9b, 0x60, 0x4a, 0x1f, 0x7d, 0xc6, 0x82, 0xe1, 0xb8, 0xd1, 0x5e, 0x8e, - 0x82, 0x2d, 0xb7, 0x49, 0x22, 0x61, 0x4d, 0x1d, 0x51, 0x34, 0xad, 0xcc, 0x2c, 0x4a, 0x82, 0x9a, - 0x2f, 0xdf, 0xdf, 0x6a, 0x08, 0x36, 0xf9, 0xd2, 0x5d, 0xc6, 0xc3, 0xe2, 0xdd, 0x67, 0x49, 0xc3, - 0xa5, 0xfa, 0x4f, 0x6e, 0xaa, 0xd8, 0x4c, 0x39, 0xb2, 0x75, 0x39, 0xdb, 0x69, 0x6c, 0xd2, 0xf5, - 0xa6, 0x3b, 0xf4, 0xf6, 0x3b, 0xbb, 0x13, 0x0f, 0xcf, 0xe4, 0xf3, 0xc4, 0xbd, 0x3a, 0xc3, 0x06, - 0x2c, 0xec, 0x78, 0x1e, 0x26, 0xaf, 0x75, 0x08, 0x73, 0x99, 0x14, 0x30, 0x60, 0xcb, 0x9a, 0x60, - 0x66, 0xc0, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0xd7, 0x60, 0xb0, 0xed, 0x24, 0x91, 0xbb, 0x2d, 0xfc, - 0x24, 0x47, 0xb4, 0xf7, 0x17, 0x19, 0x2d, 0xcd, 0x9c, 0x69, 0x6a, 0xde, 0x88, 0x05, 0x23, 0xd4, - 0x86, 0x4a, 0x9b, 0x44, 0x2d, 0x32, 0x5e, 0x2d, 0xc2, 0x27, 0xbc, 0x48, 0x49, 0x69, 0x86, 0x35, - 0x6a, 0x1d, 0xb1, 0x36, 0xcc, 0xb9, 0xa0, 0x57, 0xa0, 0x1a, 0x13, 0x8f, 0x34, 0xa8, 0x7d, 0x53, - 0x63, 0x1c, 0xdf, 0xdd, 0xa7, 0xad, 0x47, 0x0d, 0x8b, 0x15, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, - 0x56, 0x24, 0xe9, 0x00, 0x86, 0x5e, 0xa7, 0xe5, 0xfa, 0xe3, 0x50, 0xc4, 0x00, 0x2e, 0x33, 0x5a, - 0x99, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0xb3, 0x05, 0x28, 0x2d, 0xd4, 0xee, 0x81, 0x51, - 0xfb, 0x5a, 0xda, 0xa8, 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x61, 0xd7, 0xfe, 0x7a, 0x0d, 0x32, 0xea, - 0xe0, 0x1a, 0x89, 0x13, 0xd2, 0x7c, 0x4b, 0x84, 0xbf, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x4a, 0x84, - 0xaf, 0x65, 0x44, 0xf8, 0xfb, 0x8c, 0x55, 0xaf, 0x0f, 0x60, 0x5f, 0x55, 0x27, 0xb4, 0x66, 0x0f, - 0x0c, 0x04, 0x2a, 0x09, 0xae, 0xac, 0x2c, 0x5d, 0xcb, 0x95, 0xd9, 0xaf, 0xa6, 0x65, 0xf6, 0x51, - 0x59, 0xfc, 0xff, 0x20, 0xa5, 0xff, 0xa5, 0x05, 0xef, 0x48, 0x4b, 0x2f, 0x39, 0x73, 0xe6, 0x5b, - 0x7e, 0x10, 0x91, 0x59, 0x77, 0x7d, 0x9d, 0x44, 0xc4, 0x6f, 0x90, 0x58, 0x79, 0x31, 0xac, 0x5e, - 0x5e, 0x0c, 0xf4, 0x1c, 0x8c, 0xdc, 0x8a, 0x03, 0x7f, 0x39, 0x70, 0x7d, 0x21, 0x82, 0xe8, 0x46, - 0xf8, 0xe4, 0x9d, 0xdd, 0x89, 0x11, 0x3a, 0xa2, 0xb2, 0x1d, 0xa7, 0xb0, 0xd0, 0x0c, 0x9c, 0xba, - 0xf5, 0xda, 0xb2, 0x93, 0x18, 0xee, 0x00, 0xb9, 0x71, 0x67, 0x07, 0x16, 0x57, 0x5e, 0xca, 0x00, - 0x71, 0x37, 0xbe, 0xfd, 0x37, 0x4a, 0xf0, 0x48, 0xe6, 0x45, 0x02, 0xcf, 0x0b, 0x3a, 0x09, 0xdd, - 0xd4, 0xa0, 0xaf, 0x59, 0x70, 0xb2, 0x9d, 0xf6, 0x38, 0xc4, 0xc2, 0xb1, 0xfb, 0x81, 0xc2, 0x74, - 0x44, 0xc6, 0xa5, 0x51, 0x1f, 0x17, 0x23, 0x74, 0x32, 0x03, 0x88, 0x71, 0x57, 0x5f, 0xd0, 0x2b, - 0x50, 0x6b, 0x3b, 0xdb, 0xd7, 0xc3, 0xa6, 0x93, 0xc8, 0xfd, 0x64, 0x6f, 0x37, 0x40, 0x27, 0x71, - 0xbd, 0x49, 0x7e, 0xb4, 0x3f, 0x39, 0xef, 0x27, 0x4b, 0xd1, 0x4a, 0x12, 0xb9, 0x7e, 0x8b, 0xbb, - 0xf3, 0x16, 0x25, 0x19, 0xac, 0x29, 0xda, 0x5f, 0xb5, 0xb2, 0x4a, 0x4a, 0x8d, 0x4e, 0xe4, 0x24, - 0xa4, 0xb5, 0x83, 0x3e, 0x0a, 0x15, 0xba, 0xf1, 0x93, 0xa3, 0x72, 0xb3, 0x48, 0xcd, 0x69, 0x7c, - 0x09, 0xad, 0x44, 0xe9, 0xbf, 0x18, 0x73, 0xa6, 0xf6, 0xd7, 0x6a, 0x59, 0x63, 0x81, 0x1d, 0xde, - 0x5e, 0x00, 0x68, 0x05, 0xab, 0xa4, 0x1d, 0x7a, 0x74, 0x58, 0x2c, 0x76, 0x02, 0xa0, 0x7c, 0x1d, - 0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x97, 0x2c, 0x80, 0x96, 0x9c, 0xf3, 0xd2, 0x10, 0xb8, 0x5e, - 0xe4, 0xeb, 0xe8, 0x15, 0xa5, 0xfb, 0xa2, 0x18, 0x62, 0x83, 0x39, 0xfa, 0x69, 0x0b, 0xaa, 0x89, - 0xec, 0x3e, 0x57, 0x8d, 0xab, 0x45, 0xf6, 0x44, 0xbe, 0xb4, 0xb6, 0x89, 0xd4, 0x90, 0x28, 0xbe, - 0xe8, 0x67, 0x2c, 0x80, 0x78, 0xc7, 0x6f, 0x2c, 0x07, 0x9e, 0xdb, 0xd8, 0x11, 0x1a, 0xf3, 0x46, - 0xa1, 0xfe, 0x18, 0x45, 0xbd, 0x3e, 0x46, 0x47, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x71, 0xa8, - 0xc6, 0x62, 0xba, 0x09, 0x1d, 0xb9, 0x5a, 0xac, 0x57, 0x88, 0xd3, 0x16, 0xe2, 0x55, 0xfc, 0xc3, - 0x8a, 0x27, 0xfa, 0x39, 0x0b, 0x4e, 0x84, 0x69, 0x3f, 0x9f, 0x50, 0x87, 0xc5, 0xc9, 0x80, 0x8c, - 0x1f, 0xb1, 0x7e, 0xfa, 0xce, 0xee, 0xc4, 0x89, 0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, - 0x83, 0x97, 0x42, 0xee, 0x73, 0x1c, 0xd2, 0x12, 0x70, 0x2e, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x19, - 0xce, 0xd0, 0xde, 0xed, 0x70, 0xf3, 0x53, 0xaa, 0x97, 0x98, 0x29, 0xc3, 0x6a, 0xfd, 0x51, 0x31, - 0x43, 0x98, 0x57, 0x3f, 0x8b, 0x83, 0x73, 0x9f, 0x44, 0xbf, 0x6b, 0xc1, 0xa3, 0x2e, 0x53, 0x03, - 0xa6, 0xc3, 0x5c, 0x6b, 0x04, 0x71, 0x12, 0x4b, 0x0a, 0x95, 0x15, 0xbd, 0xd4, 0x4f, 0xfd, 0x07, - 0xc5, 0x1b, 0x3c, 0x3a, 0xbf, 0x47, 0x97, 0xf0, 0x9e, 0x1d, 0x46, 0x3f, 0x02, 0xa3, 0x72, 0x5d, - 0x2c, 0x53, 0x11, 0xcc, 0x14, 0x6d, 0xad, 0x7e, 0xea, 0xce, 0xee, 0xc4, 0xe8, 0xaa, 0x09, 0xc0, - 0x69, 0x3c, 0xfb, 0x5f, 0x97, 0x53, 0xe7, 0x21, 0xca, 0x09, 0xc9, 0xc4, 0x4d, 0x43, 0xfa, 0x7f, - 0xa4, 0xf4, 0x2c, 0x54, 0xdc, 0x28, 0xef, 0x92, 0x16, 0x37, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0x6a, - 0x94, 0x9e, 0x72, 0xb2, 0xae, 0x4e, 0x21, 0x01, 0x5f, 0x29, 0xb2, 0x4b, 0xdd, 0xa7, 0x57, 0x8f, - 0x88, 0xae, 0x9d, 0xea, 0x02, 0xe1, 0xee, 0x2e, 0xa1, 0x8f, 0x41, 0x2d, 0x52, 0xa1, 0x0f, 0xe5, - 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8, 0xe3, 0x18, 0x1d, 0xe4, 0xa0, 0x39, 0xda, 0xbf, - 0x93, 0x3e, 0x02, 0x32, 0x64, 0x47, 0x1f, 0xc7, 0x5b, 0x5f, 0xb4, 0x60, 0x38, 0x0a, 0x3c, 0xcf, - 0xf5, 0x5b, 0x54, 0xce, 0x09, 0x65, 0xfd, 0xa1, 0x63, 0xd1, 0x97, 0x42, 0xa0, 0x31, 0xcb, 0x1a, - 0x6b, 0x9e, 0xd8, 0xec, 0x80, 0xfd, 0x27, 0x16, 0x8c, 0xf7, 0x92, 0xc7, 0x88, 0xc0, 0xdb, 0xa5, - 0xb0, 0x51, 0x43, 0xb1, 0xe4, 0xcf, 0x12, 0x8f, 0x28, 0xbf, 0x77, 0xb5, 0xfe, 0x84, 0x78, 0xcd, - 0xb7, 0x2f, 0xf7, 0x46, 0xc5, 0x7b, 0xd1, 0x41, 0x2f, 0xc3, 0x49, 0xe3, 0xbd, 0x62, 0x35, 0x30, - 0xb5, 0xfa, 0x24, 0x35, 0x80, 0xa6, 0x33, 0xb0, 0xbb, 0xbb, 0x13, 0x0f, 0x65, 0xdb, 0x84, 0xc2, - 0xe8, 0xa2, 0x63, 0xff, 0x72, 0x29, 0xfb, 0xb5, 0x94, 0xae, 0x7f, 0xd3, 0xea, 0xf2, 0x26, 0x7c, - 0xe0, 0x38, 0xf4, 0x2b, 0xf3, 0x3b, 0xa8, 0xf8, 0x91, 0xde, 0x38, 0xf7, 0xf1, 0x80, 0xda, 0xfe, - 0x37, 0x03, 0xb0, 0x47, 0xcf, 0xfa, 0x30, 0xde, 0x0f, 0x7c, 0xaa, 0xf9, 0x79, 0x4b, 0x9d, 0x78, - 0xf1, 0x35, 0xdc, 0x3c, 0xae, 0xb1, 0xe7, 0xfb, 0xa7, 0x98, 0x07, 0x49, 0x28, 0x2f, 0x7a, 0xfa, - 0x6c, 0x0d, 0x7d, 0xdd, 0x4a, 0x9f, 0xd9, 0xf1, 0xa8, 0x37, 0xf7, 0xd8, 0xfa, 0x64, 0x1c, 0x04, - 0xf2, 0x8e, 0xe9, 0xe3, 0xa3, 0x5e, 0x47, 0x84, 0x93, 0x00, 0xeb, 0xae, 0xef, 0x78, 0xee, 0xeb, - 0x74, 0x77, 0x54, 0x61, 0x0a, 0x9e, 0x59, 0x4c, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xce, 0xfd, 0x45, - 0x18, 0x36, 0xde, 0x3c, 0x27, 0xb6, 0xe3, 0x8c, 0x19, 0xdb, 0x51, 0x33, 0x42, 0x32, 0xce, 0xbd, - 0x0f, 0x4e, 0x66, 0x3b, 0x78, 0x90, 0xe7, 0xed, 0xff, 0x35, 0x94, 0x3d, 0x44, 0x5b, 0x25, 0x51, - 0x9b, 0x76, 0xed, 0x2d, 0xc7, 0xd6, 0x5b, 0x8e, 0xad, 0xb7, 0x1c, 0x5b, 0xe6, 0xd9, 0x84, 0x70, - 0xda, 0x0c, 0xdd, 0x23, 0xa7, 0x4d, 0xca, 0x0d, 0x55, 0x2d, 0xdc, 0x0d, 0x65, 0x7f, 0xa6, 0xcb, - 0x73, 0xbf, 0x1a, 0x11, 0x82, 0x02, 0xa8, 0xf8, 0x41, 0x93, 0x48, 0x1b, 0xf7, 0x4a, 0x31, 0x06, - 0xdb, 0xb5, 0xa0, 0x69, 0xc4, 0x13, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0xec, 0x3b, 0x15, 0x48, 0x99, - 0x93, 0xfc, 0xbb, 0xbf, 0x13, 0x86, 0x22, 0x12, 0x06, 0xd7, 0xf1, 0x82, 0xd0, 0x65, 0x3a, 0xe5, - 0x80, 0x37, 0x63, 0x09, 0xa7, 0x3a, 0x2f, 0x74, 0x92, 0x0d, 0xa1, 0xcc, 0x94, 0xce, 0x5b, 0x76, - 0x92, 0x0d, 0xcc, 0x20, 0xe8, 0x7d, 0x30, 0x96, 0x38, 0x51, 0x8b, 0x6e, 0x3b, 0xb6, 0xd8, 0xf4, - 0x12, 0x47, 0xbe, 0x0f, 0x09, 0xdc, 0xb1, 0xd5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x6b, 0x30, 0xb0, - 0x41, 0xbc, 0xb6, 0xf8, 0xf4, 0x2b, 0xc5, 0xe9, 0x1a, 0xf6, 0xae, 0x97, 0x89, 0xd7, 0xe6, 0x92, - 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0xb5, 0xcd, 0x4e, 0x9c, 0x04, 0x6d, 0xf7, 0x75, 0xe9, - 0xe9, 0xfc, 0x40, 0xc1, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc, 0xa5, 0xa4, 0xfe, 0x62, 0xcd, 0x99, 0xf5, - 0xa3, 0xe9, 0x46, 0x6c, 0xca, 0xec, 0x08, 0x87, 0x65, 0xd1, 0xfd, 0x98, 0x95, 0xf4, 0x79, 0x3f, - 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x1d, 0xb5, 0xfe, 0x86, 0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, - 0xf6, 0x72, 0xd7, 0xe1, 0x13, 0x50, 0x69, 0x6c, 0x38, 0x51, 0x32, 0x3e, 0xc2, 0x26, 0x8d, 0x9a, - 0xc5, 0x33, 0xb4, 0x11, 0x73, 0x18, 0x7a, 0x0c, 0xca, 0x11, 0x59, 0x67, 0xe1, 0xab, 0x46, 0x60, - 0x13, 0x26, 0xeb, 0x98, 0xb6, 0xdb, 0xbf, 0x58, 0x4a, 0x9b, 0x6d, 0xe9, 0xf7, 0xe6, 0xb3, 0xbd, - 0xd1, 0x89, 0x62, 0xe9, 0xfe, 0x32, 0x66, 0x3b, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, 0x69, 0xc1, 0xd0, - 0xad, 0x38, 0xf0, 0x7d, 0x92, 0x08, 0x15, 0x79, 0xa3, 0xe0, 0xa1, 0xb8, 0xc2, 0xa9, 0xeb, 0x3e, - 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, 0xed, 0x86, 0xd7, 0x69, 0x76, 0xc5, 0xaa, 0x5c, 0xe4, - 0xcd, 0x58, 0xc2, 0x29, 0xaa, 0xeb, 0x73, 0xd4, 0x81, 0x34, 0xea, 0xbc, 0x2f, 0x50, 0x05, 0xdc, - 0xfe, 0x6b, 0x83, 0x70, 0x36, 0x77, 0x71, 0x50, 0x83, 0x8a, 0x99, 0x2c, 0x97, 0x5c, 0x8f, 0xc8, - 0x28, 0x2d, 0x66, 0x50, 0xdd, 0x50, 0xad, 0xd8, 0xc0, 0x40, 0x3f, 0x05, 0x10, 0x3a, 0x91, 0xd3, - 0x26, 0xca, 0x3d, 0x7d, 0x64, 0xbb, 0x85, 0xf6, 0x63, 0x59, 0xd2, 0xd4, 0x5b, 0x74, 0xd5, 0x14, - 0x63, 0x83, 0x25, 0x7a, 0x1e, 0x86, 0x23, 0xe2, 0x11, 0x27, 0x66, 0xd1, 0xcf, 0xd9, 0x54, 0x0e, - 0xac, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0xaa, 0x80, 0xb6, 0x4c, 0x60, 0x4f, 0x3a, 0xa8, 0x0d, 0xbd, - 0x61, 0xc1, 0xd8, 0xba, 0xeb, 0x11, 0xcd, 0x5d, 0x24, 0x5e, 0x2c, 0x1d, 0xfd, 0x25, 0x2f, 0x99, - 0x74, 0xb5, 0x84, 0x4c, 0x35, 0xc7, 0x38, 0xc3, 0x9e, 0x7e, 0xe6, 0x2d, 0x12, 0x31, 0xd1, 0x3a, - 0x98, 0xfe, 0xcc, 0x37, 0x78, 0x33, 0x96, 0x70, 0x34, 0x0d, 0x27, 0x42, 0x27, 0x8e, 0x67, 0x22, - 0xd2, 0x24, 0x7e, 0xe2, 0x3a, 0x1e, 0x4f, 0x8b, 0xa8, 0xea, 0xb0, 0xe8, 0xe5, 0x34, 0x18, 0x67, - 0xf1, 0xd1, 0x07, 0xe1, 0x61, 0xee, 0xff, 0x59, 0x74, 0xe3, 0xd8, 0xf5, 0x5b, 0x7a, 0x1a, 0x08, - 0x37, 0xd8, 0x84, 0x20, 0xf5, 0xf0, 0x7c, 0x3e, 0x1a, 0xee, 0xf5, 0x3c, 0x7a, 0x1a, 0xaa, 0xf1, - 0xa6, 0x1b, 0xce, 0x44, 0xcd, 0x98, 0x9d, 0xfd, 0x54, 0xb5, 0xd3, 0x75, 0x45, 0xb4, 0x63, 0x85, - 0x81, 0x1a, 0x30, 0xc2, 0x3f, 0x09, 0x8f, 0xc8, 0x13, 0xf2, 0xf1, 0x99, 0x9e, 0x6a, 0x5a, 0x64, - 0xf9, 0x4d, 0x62, 0xe7, 0xf6, 0x45, 0x79, 0x12, 0xc5, 0x0f, 0x4e, 0x6e, 0x18, 0x64, 0x70, 0x8a, - 0xa8, 0xfd, 0xf3, 0xa5, 0xf4, 0xce, 0xdf, 0x5c, 0xa4, 0x28, 0xa6, 0x4b, 0x31, 0xb9, 0xe1, 0x44, - 0x52, 0x61, 0x1f, 0x31, 0x7b, 0x43, 0xd0, 0xbd, 0xe1, 0x44, 0xe6, 0xa2, 0x66, 0x0c, 0xb0, 0xe4, - 0x84, 0x6e, 0xc1, 0x40, 0xe2, 0x39, 0x05, 0xa5, 0x7b, 0x19, 0x1c, 0xb5, 0x23, 0x66, 0x61, 0x3a, - 0xc6, 0x8c, 0x07, 0x7a, 0x94, 0xee, 0x3e, 0xd6, 0xe4, 0x49, 0x91, 0xd8, 0x30, 0xac, 0xc5, 0x98, - 0xb5, 0xda, 0x77, 0x21, 0x47, 0xae, 0x2a, 0x45, 0x86, 0x2e, 0x00, 0xd0, 0x8d, 0xec, 0x72, 0x44, - 0xd6, 0xdd, 0x6d, 0x61, 0x48, 0xa8, 0xb5, 0x7b, 0x4d, 0x41, 0xb0, 0x81, 0x25, 0x9f, 0x59, 0xe9, - 0xac, 0xd3, 0x67, 0x4a, 0xdd, 0xcf, 0x70, 0x08, 0x36, 0xb0, 0xd0, 0x73, 0x30, 0xe8, 0xb6, 0x9d, - 0x96, 0x8a, 0x44, 0x7d, 0x94, 0x2e, 0xda, 0x79, 0xd6, 0x72, 0x77, 0x77, 0x62, 0x4c, 0x75, 0x88, - 0x35, 0x61, 0x81, 0x8b, 0x7e, 0xd9, 0x82, 0x91, 0x46, 0xd0, 0x6e, 0x07, 0x3e, 0xdf, 0xfe, 0x89, - 0xbd, 0xec, 0xad, 0xe3, 0x52, 0xf3, 0x93, 0x33, 0x06, 0x33, 0xbe, 0x99, 0x55, 0x79, 0x69, 0x26, - 0x08, 0xa7, 0x7a, 0x65, 0xae, 0xed, 0xca, 0x3e, 0x6b, 0xfb, 0xd7, 0x2c, 0x38, 0xc5, 0x9f, 0x35, - 0x76, 0xa5, 0x22, 0x05, 0x2b, 0x38, 0xe6, 0xd7, 0xea, 0xda, 0xa8, 0x2b, 0x67, 0x65, 0x17, 0x1c, - 0x77, 0x77, 0x12, 0xcd, 0xc1, 0xa9, 0xf5, 0x20, 0x6a, 0x10, 0x73, 0x20, 0x84, 0x60, 0x52, 0x84, - 0x2e, 0x65, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x06, 0x3c, 0x64, 0x34, 0x9a, 0xe3, 0xc0, 0x65, 0xd3, - 0xe3, 0x82, 0xda, 0x43, 0x97, 0x72, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x8e, 0x9b, 0x5a, 0x1f, 0x8e, - 0x9b, 0x57, 0xe1, 0x91, 0x46, 0xf7, 0xc8, 0x6c, 0xc5, 0x9d, 0xb5, 0x98, 0x4b, 0xaa, 0x6a, 0xfd, - 0x07, 0x04, 0x81, 0x47, 0x66, 0x7a, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x47, 0xa1, 0x1a, 0x11, 0xf6, - 0x55, 0x62, 0x91, 0x8f, 0x74, 0xc4, 0xdd, 0xba, 0xb6, 0x40, 0x39, 0x59, 0x2d, 0x7b, 0x45, 0x43, - 0x8c, 0x15, 0x47, 0x74, 0x1b, 0x86, 0x42, 0x27, 0x69, 0x6c, 0x88, 0x2c, 0xa4, 0x23, 0xfb, 0x96, - 0x15, 0x73, 0x76, 0x14, 0x60, 0xe4, 0x2d, 0x73, 0x26, 0x58, 0x72, 0xa3, 0xd6, 0x48, 0x23, 0x68, - 0x87, 0x81, 0x4f, 0xfc, 0x24, 0x1e, 0x1f, 0xd5, 0xd6, 0xc8, 0x8c, 0x6a, 0xc5, 0x06, 0x06, 0x5a, - 0x86, 0x33, 0xcc, 0x77, 0x75, 0xd3, 0x4d, 0x36, 0x82, 0x4e, 0x22, 0xb7, 0x62, 0xe3, 0x63, 0xe9, - 0x13, 0x9b, 0x85, 0x1c, 0x1c, 0x9c, 0xfb, 0xe4, 0xb9, 0xf7, 0xc3, 0xa9, 0xae, 0xa5, 0x7c, 0x20, - 0xb7, 0xd1, 0x2c, 0x3c, 0x94, 0xbf, 0x68, 0x0e, 0xe4, 0x3c, 0xfa, 0x47, 0x99, 0xe8, 0x61, 0xc3, - 0x90, 0xee, 0xc3, 0x11, 0xe9, 0x40, 0x99, 0xf8, 0x5b, 0x42, 0x87, 0x5c, 0x3a, 0xda, 0xb7, 0xbb, - 0xe8, 0x6f, 0xf1, 0x35, 0xcf, 0xbc, 0x2d, 0x17, 0xfd, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x29, - 0x43, 0x90, 0xbb, 0x2f, 0x3f, 0x7c, 0x2c, 0x3b, 0x87, 0xbe, 0x6d, 0x43, 0xfb, 0xdf, 0x96, 0xe0, - 0xfc, 0x7e, 0x44, 0xfa, 0x18, 0xbe, 0x27, 0x60, 0x30, 0x66, 0xf1, 0x00, 0x42, 0x28, 0x0f, 0xd3, - 0xb9, 0xca, 0x23, 0x04, 0x5e, 0xc5, 0x02, 0x84, 0x3c, 0x28, 0xb7, 0x9d, 0x50, 0x78, 0xb5, 0xe6, - 0x8f, 0x9a, 0x4f, 0x44, 0xff, 0x3b, 0xde, 0xa2, 0x13, 0x72, 0x5f, 0x89, 0xd1, 0x80, 0x29, 0x1b, - 0x94, 0x40, 0xc5, 0x89, 0x22, 0x47, 0x1e, 0x3e, 0x5f, 0x2d, 0x86, 0xdf, 0x34, 0x25, 0xc9, 0xcf, - 0xee, 0x52, 0x4d, 0x98, 0x33, 0xb3, 0x3f, 0x3f, 0x94, 0xca, 0xa9, 0x61, 0x11, 0x05, 0x31, 0x0c, - 0x0a, 0x67, 0x96, 0x55, 0x74, 0x1a, 0x17, 0x4f, 0x8a, 0x64, 0xfb, 0x44, 0x91, 0x5a, 0x2e, 0x58, - 0xa1, 0xcf, 0x59, 0x2c, 0x81, 0x5b, 0xe6, 0x19, 0x89, 0xdd, 0xd9, 0xf1, 0xe4, 0x93, 0x9b, 0x69, - 0xe1, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x21, 0x06, 0x66, 0x95, 0x76, 0x17, 0x62, 0x60, 0x56, 0xa6, - 0x84, 0xa3, 0xed, 0x9c, 0xc8, 0x81, 0x02, 0x92, 0x80, 0xfb, 0x88, 0x15, 0xf8, 0xba, 0x05, 0xa7, - 0xdc, 0xec, 0x11, 0xb0, 0xd8, 0xcb, 0xdc, 0x2c, 0xc6, 0xf3, 0xd4, 0x7d, 0xc2, 0xac, 0xd4, 0x79, - 0x17, 0x08, 0x77, 0x77, 0x06, 0x35, 0x61, 0xc0, 0xf5, 0xd7, 0x03, 0x61, 0xc4, 0xd4, 0x8f, 0xd6, - 0xa9, 0x79, 0x7f, 0x3d, 0xd0, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x80, 0x33, 0x91, 0xf0, - 0x36, 0x5d, 0x76, 0xe3, 0x24, 0x88, 0x76, 0x16, 0xdc, 0xb6, 0x9b, 0x30, 0x03, 0xa4, 0x5c, 0x1f, - 0xa7, 0xfa, 0x01, 0xe7, 0xc0, 0x71, 0xee, 0x53, 0xe8, 0x75, 0x18, 0x92, 0xc7, 0xae, 0xd5, 0x22, - 0xf6, 0x85, 0xdd, 0xf3, 0x5f, 0x4d, 0xa6, 0x15, 0x71, 0xee, 0x2a, 0x19, 0xda, 0x6f, 0x0c, 0x43, - 0xf7, 0xe9, 0x70, 0xfa, 0x28, 0xd8, 0xba, 0xd7, 0x47, 0xc1, 0x74, 0xc3, 0x12, 0xeb, 0x53, 0xdc, - 0x02, 0xe6, 0xb6, 0xe0, 0xaa, 0x4f, 0xe8, 0x76, 0xfc, 0x06, 0x66, 0x3c, 0x50, 0x04, 0x83, 0x1b, - 0xc4, 0xf1, 0x92, 0x8d, 0x62, 0x0e, 0x13, 0x2e, 0x33, 0x5a, 0xd9, 0x5c, 0x28, 0xde, 0x8a, 0x05, - 0x27, 0xb4, 0x0d, 0x43, 0x1b, 0x7c, 0x02, 0x88, 0x3d, 0xc4, 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, - 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x61, 0x47, 0x46, 0x60, 0x04, 0x5f, 0xba, 0xc5, 0xa5, - 0x81, 0xf5, 0x1f, 0x15, 0xf1, 0x11, 0x18, 0x89, 0x48, 0x23, 0xf0, 0x1b, 0xae, 0x47, 0x9a, 0xd3, - 0xf2, 0xa0, 0xe0, 0x20, 0xc9, 0x43, 0x6c, 0x1f, 0x8e, 0x0d, 0x1a, 0x38, 0x45, 0x11, 0x7d, 0xd6, - 0x82, 0x31, 0x95, 0x3a, 0x4b, 0x3f, 0x08, 0x11, 0x0e, 0xe1, 0x85, 0x82, 0x12, 0x75, 0x19, 0xcd, - 0x3a, 0xba, 0xb3, 0x3b, 0x31, 0x96, 0x6e, 0xc3, 0x19, 0xbe, 0xe8, 0x65, 0x80, 0x60, 0x8d, 0xc7, - 0x16, 0x4d, 0x27, 0xc2, 0x3b, 0x7c, 0x90, 0x57, 0x1d, 0xe3, 0x59, 0x84, 0x92, 0x02, 0x36, 0xa8, - 0xa1, 0xab, 0x00, 0x7c, 0xd9, 0xac, 0xee, 0x84, 0x72, 0xa3, 0x21, 0xb3, 0xbf, 0x60, 0x45, 0x41, - 0xee, 0xee, 0x4e, 0x74, 0x7b, 0xeb, 0x58, 0x00, 0x85, 0xf1, 0x38, 0xfa, 0x49, 0x18, 0x8a, 0x3b, - 0xed, 0xb6, 0xa3, 0x7c, 0xc7, 0x05, 0xe6, 0x25, 0x72, 0xba, 0x86, 0x28, 0xe2, 0x0d, 0x58, 0x72, - 0x44, 0xb7, 0xa8, 0x50, 0x8d, 0x85, 0x1b, 0x91, 0xad, 0x22, 0x6e, 0x13, 0x0c, 0xb3, 0x77, 0x7a, - 0x8f, 0x34, 0xbc, 0x71, 0x0e, 0xce, 0xdd, 0xdd, 0x89, 0x87, 0xd2, 0xed, 0x0b, 0x81, 0xc8, 0x14, - 0xcc, 0xa5, 0x89, 0xae, 0xc8, 0x02, 0x34, 0xf4, 0xb5, 0x65, 0x5d, 0x84, 0xa7, 0x74, 0x01, 0x1a, - 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x22, 0x9c, 0x6e, 0x04, 0x7e, 0x12, 0x05, 0x9e, 0xc7, - 0x0b, 0x30, 0xf1, 0x3d, 0x1f, 0xf7, 0x2d, 0xbf, 0x5d, 0x74, 0xfb, 0xf4, 0x4c, 0x37, 0x0a, 0xce, - 0x7b, 0xce, 0xf6, 0xd3, 0xe7, 0x3c, 0x62, 0x70, 0x9e, 0x83, 0x11, 0xb2, 0x9d, 0x90, 0xc8, 0x77, - 0xbc, 0xeb, 0x78, 0x41, 0x7a, 0x55, 0xd9, 0x1a, 0xb8, 0x68, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, - 0xa3, 0xc3, 0xc8, 0x7e, 0xe5, 0x8e, 0x0e, 0xe9, 0xd6, 0xb0, 0xff, 0x77, 0x29, 0x65, 0x90, 0xdd, - 0x97, 0x53, 0x25, 0x56, 0xc6, 0x43, 0xd6, 0x3b, 0x61, 0x00, 0xb1, 0xd1, 0x28, 0x92, 0xb3, 0x2a, - 0xe3, 0xb1, 0x64, 0x32, 0xc2, 0x69, 0xbe, 0x68, 0x13, 0x2a, 0x1b, 0x41, 0x9c, 0xc8, 0xed, 0xc7, - 0x11, 0x77, 0x3a, 0x97, 0x83, 0x38, 0x61, 0x56, 0x84, 0x7a, 0x6d, 0xda, 0x12, 0x63, 0xce, 0xc3, - 0xfe, 0x2f, 0x56, 0xca, 0x87, 0x7e, 0x93, 0x05, 0x20, 0x6f, 0x11, 0x9f, 0x2e, 0x6b, 0x33, 0xe4, - 0xe9, 0x47, 0x32, 0xe9, 0x9c, 0xef, 0xe8, 0x55, 0x5f, 0xec, 0x36, 0xa5, 0x30, 0xc9, 0x48, 0x18, - 0xd1, 0x51, 0x9f, 0xb0, 0xd2, 0x89, 0xb5, 0xa5, 0x22, 0x36, 0x18, 0x66, 0x72, 0xf9, 0xbe, 0x39, - 0xba, 0xf6, 0x97, 0x2d, 0x18, 0xaa, 0x3b, 0x8d, 0xcd, 0x60, 0x7d, 0x1d, 0x3d, 0x0d, 0xd5, 0x66, - 0x27, 0x32, 0x73, 0x7c, 0x95, 0xe3, 0x60, 0x56, 0xb4, 0x63, 0x85, 0x41, 0xe7, 0xf0, 0xba, 0xd3, - 0x90, 0x29, 0xe6, 0x65, 0x3e, 0x87, 0x2f, 0xb1, 0x16, 0x2c, 0x20, 0xe8, 0x79, 0x18, 0x6e, 0x3b, - 0xdb, 0xf2, 0xe1, 0xac, 0x03, 0x7f, 0x51, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x0b, 0x0b, 0xc6, 0xeb, - 0x4e, 0xec, 0x36, 0xa6, 0x3b, 0xc9, 0x46, 0xdd, 0x4d, 0xd6, 0x3a, 0x8d, 0x4d, 0x92, 0xf0, 0xba, - 0x02, 0xb4, 0x97, 0x9d, 0x98, 0x2e, 0x25, 0xb5, 0xaf, 0x53, 0xbd, 0xbc, 0x2e, 0xda, 0xb1, 0xc2, - 0x40, 0xaf, 0xc3, 0x70, 0xe8, 0xc4, 0xf1, 0xed, 0x20, 0x6a, 0x62, 0xb2, 0x5e, 0x4c, 0x55, 0x8f, - 0x15, 0xd2, 0x88, 0x48, 0x82, 0xc9, 0xba, 0x38, 0xec, 0xd6, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0xa2, - 0x05, 0x8f, 0xd4, 0x89, 0x13, 0x91, 0x88, 0x15, 0x01, 0x51, 0x2f, 0x32, 0xe3, 0x05, 0x9d, 0x26, - 0x7a, 0x0d, 0xaa, 0x09, 0x6d, 0xa6, 0xdd, 0xb2, 0x8a, 0xed, 0x16, 0x3b, 0xab, 0x5e, 0x15, 0xc4, - 0xb1, 0x62, 0x63, 0xff, 0x75, 0x0b, 0x46, 0xd8, 0x71, 0xdb, 0x2c, 0x49, 0x1c, 0xd7, 0xeb, 0xaa, - 0x95, 0x65, 0xf5, 0x59, 0x2b, 0xeb, 0x3c, 0x0c, 0x6c, 0x04, 0x6d, 0x92, 0x3d, 0x2a, 0xbe, 0x1c, - 0xd0, 0x6d, 0x35, 0x85, 0xa0, 0x67, 0xe9, 0x87, 0x77, 0xfd, 0xc4, 0xa1, 0x4b, 0x40, 0xba, 0x73, - 0x4f, 0xf0, 0x8f, 0xae, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x66, 0x0d, 0x86, 0x44, 0x5c, 0x43, 0xdf, - 0xb5, 0x25, 0xe4, 0xfe, 0xbe, 0xd4, 0x73, 0x7f, 0x1f, 0xc3, 0x60, 0x83, 0x15, 0xed, 0x13, 0x66, - 0xe4, 0xd5, 0x42, 0x02, 0x61, 0x78, 0x1d, 0x40, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x4b, - 0x16, 0x9c, 0x68, 0x04, 0xbe, 0x4f, 0x1a, 0xda, 0xc6, 0x19, 0x28, 0x22, 0xde, 0x61, 0x26, 0x4d, - 0x54, 0x9f, 0xf5, 0x64, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x08, 0xa3, 0x7c, 0xcc, 0x6e, 0xa4, 0x7c, - 0xd0, 0xba, 0x84, 0x92, 0x09, 0xc4, 0x69, 0x5c, 0x34, 0xc9, 0x7d, 0xf9, 0xa2, 0x58, 0xd1, 0xa0, - 0x76, 0xd5, 0x19, 0x65, 0x8a, 0x0c, 0x0c, 0x14, 0x01, 0x8a, 0xc8, 0x7a, 0x44, 0xe2, 0x0d, 0x11, - 0xf7, 0xc1, 0xec, 0xab, 0xa1, 0xc3, 0xe5, 0xa1, 0xe3, 0x2e, 0x4a, 0x38, 0x87, 0x3a, 0xda, 0x14, - 0x1b, 0xcc, 0x6a, 0x11, 0x32, 0x54, 0x7c, 0xe6, 0x9e, 0xfb, 0xcc, 0x09, 0xa8, 0xc4, 0x1b, 0x4e, - 0xd4, 0x64, 0x76, 0x5d, 0x99, 0xe7, 0x3e, 0xad, 0xd0, 0x06, 0xcc, 0xdb, 0xd1, 0x2c, 0x9c, 0xcc, - 0x14, 0x80, 0x8a, 0x85, 0xaf, 0x58, 0xe5, 0xb9, 0x64, 0x4a, 0x47, 0xc5, 0xb8, 0xeb, 0x09, 0xd3, - 0xf9, 0x30, 0xbc, 0x8f, 0xf3, 0x61, 0x47, 0x45, 0x17, 0x72, 0x2f, 0xee, 0x4b, 0x85, 0x0c, 0x40, - 0x5f, 0xa1, 0x84, 0x5f, 0xc8, 0x84, 0x12, 0x8e, 0xb2, 0x0e, 0xdc, 0x28, 0xa6, 0x03, 0x07, 0x8f, - 0x1b, 0xbc, 0x9f, 0x71, 0x80, 0x7f, 0x6e, 0x81, 0xfc, 0xae, 0x33, 0x4e, 0x63, 0x83, 0xd0, 0x29, - 0x83, 0xde, 0x07, 0x63, 0x6a, 0x0b, 0x3d, 0x13, 0x74, 0x7c, 0x1e, 0x02, 0x58, 0xd6, 0x87, 0xc2, - 0x38, 0x05, 0xc5, 0x19, 0x6c, 0x34, 0x05, 0x35, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0x6b, 0xd5, 0x36, - 0x7d, 0x7a, 0x79, 0x5e, 0x3c, 0xa5, 0x71, 0x50, 0x00, 0xa7, 0x3c, 0x27, 0x4e, 0x58, 0x0f, 0xe8, - 0x8e, 0xfa, 0x90, 0x55, 0x20, 0x58, 0x32, 0xc5, 0x42, 0x96, 0x10, 0xee, 0xa6, 0x6d, 0x7f, 0x7b, - 0x00, 0x46, 0x53, 0x92, 0xf1, 0x80, 0x4a, 0xfa, 0x69, 0xa8, 0x4a, 0xbd, 0x99, 0xad, 0x57, 0xa3, - 0x94, 0xab, 0xc2, 0xa0, 0x4a, 0x6b, 0x4d, 0x6b, 0xd5, 0xac, 0x51, 0x61, 0x28, 0x5c, 0x6c, 0xe2, - 0x31, 0xa1, 0x9c, 0x78, 0xf1, 0x8c, 0xe7, 0x12, 0x3f, 0xe1, 0xdd, 0x2c, 0x46, 0x28, 0xaf, 0x2e, - 0xac, 0x98, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0xb4, 0x05, 0xa3, 0xce, 0xed, - 0x58, 0x57, 0x96, 0x15, 0x41, 0x83, 0x47, 0x54, 0x52, 0xa9, 0x62, 0xb5, 0xdc, 0xe5, 0x9b, 0x6a, - 0xc2, 0x69, 0xa6, 0xe8, 0x4d, 0x0b, 0x10, 0xd9, 0x26, 0x0d, 0x19, 0xd6, 0x28, 0xfa, 0x32, 0x58, - 0xc4, 0x4e, 0xf3, 0x62, 0x17, 0x5d, 0x2e, 0xd5, 0xbb, 0xdb, 0x71, 0x4e, 0x1f, 0xec, 0x7f, 0x5a, - 0x56, 0x0b, 0x4a, 0x47, 0xd2, 0x3a, 0x46, 0x44, 0x9f, 0x75, 0xf8, 0x88, 0x3e, 0x1d, 0x91, 0xd0, - 0x9d, 0x5c, 0x9a, 0xca, 0x45, 0x2b, 0xdd, 0xa7, 0x5c, 0xb4, 0x9f, 0xb6, 0x52, 0x95, 0x99, 0x86, - 0x2f, 0xbc, 0x5c, 0x6c, 0x14, 0xef, 0x24, 0x8f, 0x96, 0xc8, 0x48, 0xf7, 0x74, 0x90, 0x0c, 0x95, - 0xa6, 0x06, 0xda, 0x81, 0xa4, 0xe1, 0xbf, 0x2f, 0xc3, 0xb0, 0xa1, 0x49, 0x73, 0xcd, 0x22, 0xeb, - 0x01, 0x33, 0x8b, 0x4a, 0x07, 0x30, 0x8b, 0x7e, 0x0a, 0x6a, 0x0d, 0x29, 0xe5, 0x8b, 0xa9, 0x4d, - 0x9c, 0xd5, 0x1d, 0x5a, 0xd0, 0xab, 0x26, 0xac, 0x79, 0xa2, 0xb9, 0x54, 0x06, 0x93, 0xd0, 0x10, - 0x03, 0x4c, 0x43, 0xe4, 0xa5, 0x18, 0x09, 0x4d, 0xd1, 0xfd, 0x0c, 0x2b, 0xe0, 0x15, 0xba, 0xe2, - 0xbd, 0x64, 0xac, 0x3d, 0x2f, 0xe0, 0xb5, 0x3c, 0x2f, 0x9b, 0xb1, 0x89, 0x63, 0x7f, 0xdb, 0x52, - 0x1f, 0xf7, 0x1e, 0x94, 0xaa, 0xb8, 0x95, 0x2e, 0x55, 0x71, 0xb1, 0x90, 0x61, 0xee, 0x51, 0xa3, - 0xe2, 0x1a, 0x0c, 0xcd, 0x04, 0xed, 0xb6, 0xe3, 0x37, 0xd1, 0x0f, 0xc1, 0x50, 0x83, 0xff, 0x14, - 0x8e, 0x1d, 0x76, 0x3c, 0x28, 0xa0, 0x58, 0xc2, 0xd0, 0xa3, 0x30, 0xe0, 0x44, 0x2d, 0xe9, 0xcc, - 0x61, 0xc1, 0x35, 0xd3, 0x51, 0x2b, 0xc6, 0xac, 0xd5, 0xfe, 0x87, 0x03, 0xc0, 0xce, 0xb4, 0x9d, - 0x88, 0x34, 0x57, 0x03, 0x56, 0x1b, 0xf1, 0x58, 0x0f, 0xd5, 0xf4, 0x66, 0xe9, 0x41, 0x3e, 0x58, - 0x33, 0x0e, 0x57, 0xca, 0xf7, 0xf8, 0x70, 0xa5, 0xc7, 0x79, 0xd9, 0xc0, 0x03, 0x74, 0x5e, 0x66, - 0x7f, 0xde, 0x02, 0xa4, 0x02, 0x21, 0xf4, 0x81, 0xf6, 0x14, 0xd4, 0x54, 0x48, 0x84, 0x30, 0xac, - 0xb4, 0x88, 0x90, 0x00, 0xac, 0x71, 0xfa, 0xd8, 0x21, 0x3f, 0x21, 0xe5, 0x77, 0x39, 0x1d, 0x97, - 0xcb, 0xa4, 0xbe, 0x10, 0xe7, 0xf6, 0x6f, 0x95, 0xe0, 0x21, 0xae, 0x92, 0x17, 0x1d, 0xdf, 0x69, - 0x91, 0x36, 0xed, 0x55, 0xbf, 0x21, 0x0a, 0x0d, 0xba, 0x35, 0x73, 0x65, 0x9c, 0xed, 0x51, 0xd7, - 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0xcd, 0xfb, 0x6e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0x16, 0xee, - 0x17, 0xb2, 0xb8, 0x20, 0x46, 0x4a, 0x2c, 0x09, 0xbd, 0x49, 0xb0, 0x62, 0x44, 0x0d, 0x57, 0x2f, - 0x68, 0x6c, 0x62, 0x12, 0x06, 0x4c, 0xee, 0x1a, 0x61, 0x8e, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, - 0xb7, 0x2c, 0xc8, 0x6a, 0x24, 0xa3, 0x08, 0x9d, 0xb5, 0x67, 0x11, 0xba, 0x03, 0x54, 0x81, 0xfb, - 0x09, 0x18, 0x76, 0x12, 0x6a, 0x44, 0xf0, 0x6d, 0x77, 0xf9, 0x70, 0xc7, 0x1a, 0x8b, 0x41, 0xd3, - 0x5d, 0x77, 0xd9, 0x76, 0xdb, 0x24, 0x67, 0xff, 0x8f, 0x01, 0x38, 0xd5, 0x95, 0x95, 0x82, 0x5e, - 0x80, 0x91, 0x86, 0x98, 0x1e, 0xa1, 0x74, 0x68, 0xd5, 0xcc, 0xb0, 0x38, 0x0d, 0xc3, 0x29, 0xcc, - 0x3e, 0x26, 0xe8, 0x3c, 0x9c, 0x8e, 0xe8, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x13, 0x12, 0xad, 0x90, - 0x46, 0xe0, 0x37, 0x79, 0xa9, 0xc4, 0x72, 0xfd, 0xe1, 0x3b, 0xbb, 0x13, 0xa7, 0x71, 0x37, 0x18, - 0xe7, 0x3d, 0x83, 0x42, 0x18, 0xf5, 0x4c, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, 0x3e, 0x2a, 0x1b, - 0x21, 0xd5, 0x8c, 0xd3, 0x0c, 0xd2, 0x86, 0x64, 0xe5, 0x3e, 0x19, 0x92, 0x9f, 0xd2, 0x86, 0x24, - 0x3f, 0x7f, 0xff, 0x50, 0xc1, 0x59, 0x49, 0xc7, 0x6d, 0x49, 0xbe, 0x04, 0x55, 0x19, 0x9b, 0xd4, - 0x57, 0x4c, 0x8f, 0x49, 0xa7, 0x87, 0x44, 0x7b, 0x12, 0x7e, 0xf0, 0x62, 0x14, 0x19, 0x83, 0x79, - 0x2d, 0x48, 0xa6, 0x3d, 0x2f, 0xb8, 0x4d, 0x95, 0xf4, 0xf5, 0x98, 0x08, 0x0f, 0x8b, 0x7d, 0xb7, - 0x04, 0x39, 0x9b, 0x15, 0xba, 0x1e, 0xb5, 0x65, 0x90, 0x5a, 0x8f, 0x07, 0xb3, 0x0e, 0xd0, 0x36, - 0x8f, 0xdf, 0xe2, 0x3a, 0xf0, 0x83, 0x45, 0x6f, 0xb6, 0x74, 0x48, 0x97, 0x4a, 0xa6, 0x50, 0x61, - 0x5d, 0x17, 0x00, 0xb4, 0x41, 0x27, 0x42, 0xe5, 0xd5, 0xf1, 0xb0, 0xb6, 0xfb, 0xb0, 0x81, 0x45, - 0xf7, 0xde, 0xae, 0x1f, 0x27, 0x8e, 0xe7, 0x5d, 0x76, 0xfd, 0x44, 0x38, 0x11, 0x95, 0xb2, 0x9f, - 0xd7, 0x20, 0x6c, 0xe2, 0x9d, 0x7b, 0x8f, 0xf1, 0xfd, 0x0e, 0xf2, 0xdd, 0x37, 0xe0, 0x91, 0x39, - 0x37, 0x51, 0x09, 0x1e, 0x6a, 0xbe, 0x51, 0x7b, 0x4d, 0x25, 0x2c, 0x59, 0x3d, 0x13, 0x96, 0x8c, - 0x04, 0x8b, 0x52, 0x3a, 0x1f, 0x24, 0x9b, 0x60, 0x61, 0xbf, 0x00, 0x67, 0xe6, 0xdc, 0xe4, 0x92, - 0xeb, 0x91, 0x03, 0x32, 0xb1, 0x7f, 0x63, 0x10, 0x46, 0xcc, 0x54, 0xc5, 0x83, 0xe4, 0x5c, 0x7d, - 0x91, 0x9a, 0x64, 0xe2, 0xed, 0x5c, 0x75, 0xb8, 0x76, 0xf3, 0xc8, 0x79, 0x93, 0xf9, 0x23, 0x66, - 0x58, 0x65, 0x9a, 0x27, 0x36, 0x3b, 0x80, 0x6e, 0x43, 0x65, 0x9d, 0x25, 0x00, 0x94, 0x8b, 0x88, - 0x40, 0xc8, 0x1b, 0x51, 0xbd, 0x1c, 0x79, 0x0a, 0x01, 0xe7, 0x47, 0x35, 0x69, 0x94, 0xce, 0x2a, - 0x33, 0x82, 0x56, 0x45, 0x3e, 0x99, 0xc2, 0xe8, 0xa5, 0x12, 0x2a, 0x87, 0x50, 0x09, 0x29, 0x01, - 0x3d, 0x78, 0x9f, 0x04, 0x34, 0x4b, 0xe6, 0x48, 0x36, 0x98, 0x9d, 0x27, 0xa2, 0xec, 0x87, 0xd8, - 0x20, 0x18, 0xc9, 0x1c, 0x29, 0x30, 0xce, 0xe2, 0xa3, 0x8f, 0x2b, 0x11, 0x5f, 0x2d, 0xc2, 0xff, - 0x6a, 0xce, 0xe8, 0xe3, 0x96, 0xee, 0x9f, 0x2f, 0xc1, 0xd8, 0x9c, 0xdf, 0x59, 0x9e, 0x5b, 0xee, - 0xac, 0x79, 0x6e, 0xe3, 0x2a, 0xd9, 0xa1, 0x22, 0x7c, 0x93, 0xec, 0xcc, 0xcf, 0x8a, 0x15, 0xa4, - 0xe6, 0xcc, 0x55, 0xda, 0x88, 0x39, 0x8c, 0x0a, 0xa3, 0x75, 0xd7, 0x6f, 0x91, 0x28, 0x8c, 0x5c, - 0xe1, 0x1a, 0x35, 0x84, 0xd1, 0x25, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf6, 0x49, 0x94, - 0x35, 0x78, 0x97, 0x68, 0x23, 0xe6, 0x30, 0x8a, 0x94, 0x44, 0x9d, 0x38, 0x11, 0x93, 0x51, 0x21, - 0xad, 0xd2, 0x46, 0xcc, 0x61, 0x74, 0xa5, 0xc7, 0x9d, 0x35, 0x16, 0xe0, 0x91, 0x09, 0xe9, 0x5f, - 0xe1, 0xcd, 0x58, 0xc2, 0x29, 0xea, 0x26, 0xd9, 0x99, 0xa5, 0xbb, 0xe3, 0x4c, 0x66, 0xcf, 0x55, - 0xde, 0x8c, 0x25, 0x9c, 0xd5, 0x82, 0x4c, 0x0f, 0xc7, 0xf7, 0x5c, 0x2d, 0xc8, 0x74, 0xf7, 0x7b, - 0xec, 0xb3, 0x7f, 0xc9, 0x82, 0x11, 0x33, 0x2c, 0x0b, 0xb5, 0x32, 0xb6, 0xf0, 0x52, 0x57, 0x29, - 0xe1, 0x1f, 0xcb, 0xbb, 0x87, 0xad, 0xe5, 0x26, 0x41, 0x18, 0x3f, 0x43, 0xfc, 0x96, 0xeb, 0x13, - 0x76, 0xda, 0xce, 0xc3, 0xb9, 0x52, 0x31, 0x5f, 0x33, 0x41, 0x93, 0x1c, 0xc2, 0x98, 0xb6, 0x6f, - 0xc2, 0xa9, 0xae, 0x74, 0xae, 0x3e, 0x4c, 0x90, 0x7d, 0x93, 0x69, 0x6d, 0x0c, 0xc3, 0x94, 0xb0, - 0xac, 0x47, 0x34, 0x03, 0xa7, 0xf8, 0x42, 0xa2, 0x9c, 0x56, 0x1a, 0x1b, 0xa4, 0xad, 0x52, 0xf4, - 0x98, 0x1f, 0xfe, 0x46, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x2f, 0x58, 0x30, 0x9a, 0xca, 0xb0, 0x2b, - 0xc8, 0x58, 0x62, 0x2b, 0x2d, 0x60, 0x51, 0x82, 0x2c, 0x54, 0xba, 0xcc, 0x94, 0xa9, 0x5e, 0x69, - 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcb, 0x25, 0xa8, 0xca, 0x48, 0x8b, 0x3e, 0xba, 0xf2, 0x39, 0x0b, - 0x46, 0xd5, 0xd9, 0x07, 0x73, 0xaa, 0x95, 0x8a, 0x48, 0x87, 0xa0, 0x3d, 0x50, 0xdb, 0x72, 0x7f, - 0x3d, 0xd0, 0x96, 0x3b, 0x36, 0x99, 0xe1, 0x34, 0x6f, 0x74, 0x03, 0x20, 0xde, 0x89, 0x13, 0xd2, - 0x36, 0xdc, 0x7b, 0xb6, 0xb1, 0xe2, 0x26, 0x1b, 0x41, 0x44, 0xe8, 0xfa, 0xba, 0x16, 0x34, 0xc9, - 0x8a, 0xc2, 0xd4, 0x26, 0x94, 0x6e, 0xc3, 0x06, 0x25, 0xfb, 0xef, 0x97, 0xe0, 0x64, 0xb6, 0x4b, - 0xe8, 0x43, 0x30, 0x22, 0xb9, 0x1b, 0x57, 0xca, 0xc9, 0xf0, 0x92, 0x11, 0x6c, 0xc0, 0xee, 0xee, - 0x4e, 0x4c, 0x74, 0xdf, 0xe9, 0x37, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0x00, 0x25, 0x4e, 0x4a, - 0xeb, 0x3b, 0xd3, 0x61, 0x28, 0x4e, 0x91, 0x8c, 0x03, 0x28, 0x13, 0x8a, 0x33, 0xd8, 0x68, 0x19, - 0xce, 0x18, 0x2d, 0xd7, 0x88, 0xdb, 0xda, 0x58, 0x0b, 0x22, 0xb9, 0x03, 0x7b, 0x54, 0x07, 0x80, - 0x75, 0xe3, 0xe0, 0xdc, 0x27, 0xa9, 0xb6, 0x6f, 0x38, 0xa1, 0xd3, 0x70, 0x93, 0x1d, 0xe1, 0xaf, - 0x54, 0xb2, 0x69, 0x46, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0xc2, 0x40, 0x9f, 0x33, 0xa8, 0x2f, 0xcb, - 0xff, 0x25, 0xa8, 0x52, 0x72, 0xd2, 0xbc, 0x2b, 0x82, 0x64, 0x00, 0x55, 0x79, 0xd5, 0x0b, 0xb2, - 0xa1, 0xec, 0x3a, 0xf2, 0x8c, 0x4f, 0xbd, 0xd6, 0x7c, 0x1c, 0x77, 0xd8, 0x66, 0x9a, 0x02, 0xd1, - 0x13, 0x50, 0x26, 0xdb, 0x61, 0xf6, 0x30, 0xef, 0xe2, 0x76, 0xe8, 0x46, 0x24, 0xa6, 0x48, 0x64, - 0x3b, 0x44, 0xe7, 0xa0, 0xe4, 0x36, 0x85, 0x92, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xb7, - 0x69, 0x6f, 0x43, 0x4d, 0xdd, 0x2d, 0x83, 0x36, 0xa5, 0xec, 0xb6, 0x8a, 0x08, 0x8d, 0x92, 0x74, - 0x7b, 0x48, 0xed, 0x0e, 0x80, 0x4e, 0x35, 0x2c, 0x4a, 0xbe, 0x9c, 0x87, 0x81, 0x46, 0x20, 0xd2, - 0xa0, 0xab, 0x9a, 0x0c, 0x13, 0xda, 0x0c, 0x62, 0xdf, 0x84, 0xb1, 0xab, 0x7e, 0x70, 0x9b, 0x15, - 0xc6, 0x67, 0x75, 0xe0, 0x28, 0xe1, 0x75, 0xfa, 0x23, 0x6b, 0x22, 0x30, 0x28, 0xe6, 0x30, 0x55, - 0xa1, 0xaa, 0xd4, 0xab, 0x42, 0x95, 0xfd, 0x09, 0x0b, 0x46, 0x54, 0xce, 0xd2, 0xdc, 0xd6, 0x26, - 0xa5, 0xdb, 0x8a, 0x82, 0x4e, 0x98, 0xa5, 0xcb, 0x6e, 0x7f, 0xc2, 0x1c, 0x66, 0x26, 0xf3, 0x95, - 0xf6, 0x49, 0xe6, 0x3b, 0x0f, 0x03, 0x9b, 0xae, 0xdf, 0xcc, 0x5e, 0x67, 0x72, 0xd5, 0xf5, 0x9b, - 0x98, 0x41, 0x68, 0x17, 0x4e, 0xaa, 0x2e, 0x48, 0x85, 0xf0, 0x02, 0x8c, 0xac, 0x75, 0x5c, 0xaf, - 0x29, 0x0b, 0xdc, 0x65, 0x3c, 0x2a, 0x75, 0x03, 0x86, 0x53, 0x98, 0x74, 0x5f, 0xb7, 0xe6, 0xfa, - 0x4e, 0xb4, 0xb3, 0xac, 0x35, 0x90, 0x12, 0x4a, 0x75, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x46, 0x19, - 0xc6, 0xd2, 0x99, 0x5b, 0x7d, 0x6c, 0xaf, 0x9e, 0x80, 0x0a, 0x4b, 0xe6, 0xca, 0x7e, 0x5a, 0x5e, - 0x13, 0x8e, 0xc3, 0x50, 0x0c, 0x83, 0xbc, 0x0c, 0x44, 0x31, 0x57, 0x01, 0xa9, 0x4e, 0x2a, 0x3f, - 0x0c, 0x8b, 0x3b, 0x13, 0x95, 0x27, 0x04, 0x2b, 0xf4, 0x69, 0x0b, 0x86, 0x82, 0xd0, 0xac, 0x6c, - 0xf4, 0xc1, 0x22, 0xb3, 0xda, 0x44, 0x52, 0x8d, 0xb0, 0x88, 0xd5, 0xa7, 0x97, 0x9f, 0x43, 0xb2, - 0x3e, 0xf7, 0x5e, 0x18, 0x31, 0x31, 0xf7, 0x33, 0x8a, 0xab, 0xa6, 0x51, 0xfc, 0x39, 0x73, 0x52, - 0x88, 0xbc, 0xbd, 0x3e, 0x96, 0xdb, 0x75, 0xa8, 0x34, 0x54, 0xa0, 0xc0, 0xa1, 0xca, 0xa2, 0xaa, - 0xba, 0x0c, 0xec, 0xb0, 0x88, 0x53, 0xb3, 0xbf, 0x6d, 0x19, 0xf3, 0x03, 0x93, 0x78, 0xbe, 0x89, - 0x22, 0x28, 0xb7, 0xb6, 0x36, 0x85, 0x29, 0x7a, 0xa5, 0xa0, 0xe1, 0x9d, 0xdb, 0xda, 0xd4, 0x73, - 0xdc, 0x6c, 0xc5, 0x94, 0x59, 0x1f, 0xce, 0xc2, 0x54, 0x7a, 0x67, 0x79, 0xff, 0xf4, 0x4e, 0xfb, - 0xcd, 0x12, 0x9c, 0xea, 0x9a, 0x54, 0xe8, 0x75, 0xa8, 0x44, 0xf4, 0x2d, 0xc5, 0xeb, 0x2d, 0x14, - 0x96, 0x90, 0x19, 0xcf, 0x37, 0xb5, 0xde, 0x4d, 0xb7, 0x63, 0xce, 0x12, 0x5d, 0x01, 0xa4, 0xc3, - 0x59, 0x94, 0xa7, 0x92, 0xbf, 0xf2, 0x39, 0xf1, 0x28, 0x9a, 0xee, 0xc2, 0xc0, 0x39, 0x4f, 0xa1, - 0x17, 0xb3, 0x0e, 0xcf, 0x72, 0xfa, 0x7c, 0x73, 0x2f, 0xdf, 0xa5, 0xfd, 0xcf, 0x4a, 0x30, 0x9a, - 0x2a, 0x34, 0x85, 0x3c, 0xa8, 0x12, 0x8f, 0x39, 0xff, 0xa5, 0xb2, 0x39, 0x6a, 0xd9, 0x68, 0xa5, - 0x20, 0x2f, 0x0a, 0xba, 0x58, 0x71, 0x78, 0x30, 0x0e, 0xe1, 0x5f, 0x80, 0x11, 0xd9, 0xa1, 0x0f, - 0x3a, 0x6d, 0x4f, 0x0c, 0xa0, 0x9a, 0xa3, 0x17, 0x0d, 0x18, 0x4e, 0x61, 0xda, 0xbf, 0x5d, 0x86, - 0x71, 0x7e, 0x5a, 0xd2, 0x54, 0x33, 0x6f, 0x51, 0xee, 0xb7, 0xfe, 0xb2, 0x2e, 0x07, 0xc7, 0x07, - 0x72, 0xed, 0xa8, 0xb7, 0x34, 0xe4, 0x33, 0xea, 0x2b, 0x82, 0xeb, 0x6b, 0x99, 0x08, 0x2e, 0x6e, - 0x76, 0xb7, 0x8e, 0xa9, 0x47, 0xdf, 0x5b, 0x21, 0x5d, 0x7f, 0xa7, 0x04, 0x27, 0x32, 0x57, 0x60, - 0xa0, 0x37, 0xd2, 0x55, 0x93, 0xad, 0x22, 0x7c, 0xea, 0x7b, 0xde, 0x8a, 0x70, 0xb0, 0xda, 0xc9, - 0xf7, 0x69, 0xa9, 0xd8, 0x7f, 0x50, 0x82, 0xb1, 0xf4, 0xdd, 0x1d, 0x0f, 0xe0, 0x48, 0xbd, 0x0b, - 0x6a, 0xac, 0x3c, 0x3d, 0xbb, 0x93, 0x94, 0xbb, 0xe4, 0x79, 0x25, 0x70, 0xd9, 0x88, 0x35, 0xfc, - 0x81, 0x28, 0x49, 0x6d, 0xff, 0x5d, 0x0b, 0xce, 0xf2, 0xb7, 0xcc, 0xce, 0xc3, 0xbf, 0x92, 0x37, - 0xba, 0xaf, 0x14, 0xdb, 0xc1, 0x4c, 0x19, 0xc3, 0xfd, 0xc6, 0x97, 0xdd, 0x85, 0x28, 0x7a, 0x9b, - 0x9e, 0x0a, 0x0f, 0x60, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x28, 0x83, 0xbe, 0xfe, 0x11, 0xb9, - 0x22, 0x17, 0xb2, 0x90, 0x72, 0x8e, 0x2b, 0x3b, 0x7e, 0x43, 0x5f, 0x34, 0x59, 0xcd, 0xa4, 0x42, - 0xfe, 0xac, 0x05, 0xc3, 0xae, 0xef, 0x26, 0xae, 0xc3, 0xb6, 0xd1, 0xc5, 0x5c, 0x4d, 0xa7, 0xd8, - 0xcd, 0x73, 0xca, 0x41, 0x64, 0x9e, 0xe3, 0x28, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x22, 0x82, 0xac, - 0xcb, 0x85, 0x65, 0xf1, 0x56, 0x33, 0x91, 0xd5, 0x21, 0x35, 0xbc, 0x92, 0xa8, 0xa0, 0xe4, 0x77, - 0x4c, 0x49, 0xa9, 0xca, 0xc0, 0xfa, 0x22, 0x6e, 0xda, 0x8c, 0x39, 0x23, 0x3b, 0x06, 0xd4, 0x3d, - 0x16, 0x07, 0x0c, 0x60, 0x9d, 0x82, 0x9a, 0xd3, 0x49, 0x82, 0x36, 0x1d, 0x26, 0x71, 0xd4, 0xa4, - 0x43, 0x74, 0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x8d, 0x0a, 0x64, 0x92, 0x13, 0xd1, 0xb6, 0x79, 0x75, - 0xa9, 0x55, 0xec, 0xd5, 0xa5, 0xaa, 0x33, 0x79, 0xd7, 0x97, 0xa2, 0x16, 0x54, 0xc2, 0x0d, 0x27, - 0x96, 0x66, 0xf5, 0x4b, 0x6a, 0x1f, 0x47, 0x1b, 0xef, 0xee, 0x4e, 0xfc, 0x78, 0x7f, 0x5e, 0x57, - 0x3a, 0x57, 0xa7, 0x78, 0x99, 0x13, 0xcd, 0x9a, 0xd1, 0xc0, 0x9c, 0xfe, 0x41, 0x2e, 0xe7, 0xfb, - 0xa4, 0xa8, 0xc3, 0x8f, 0x49, 0xdc, 0xf1, 0x12, 0x31, 0x1b, 0x5e, 0x2a, 0x70, 0x95, 0x71, 0xc2, - 0x3a, 0xad, 0x9e, 0xff, 0xc7, 0x06, 0x53, 0xf4, 0x21, 0xa8, 0xc5, 0x89, 0x13, 0x25, 0x87, 0x4c, - 0x84, 0x55, 0x83, 0xbe, 0x22, 0x89, 0x60, 0x4d, 0x0f, 0xbd, 0xcc, 0xaa, 0xdb, 0xba, 0xf1, 0xc6, - 0x21, 0x73, 0x23, 0x64, 0x25, 0x5c, 0x41, 0x01, 0x1b, 0xd4, 0xd0, 0x05, 0x00, 0x36, 0xb7, 0x79, - 0x40, 0x60, 0x95, 0x79, 0x99, 0x94, 0x28, 0xc4, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x87, 0x21, 0x5d, - 0x17, 0x02, 0x4d, 0xc8, 0x32, 0x14, 0xdc, 0x0b, 0xcd, 0x72, 0x1c, 0x52, 0x15, 0x23, 0x7e, 0xcd, - 0x02, 0xb3, 0x78, 0x05, 0x7a, 0x8d, 0x57, 0xc9, 0xb0, 0x8a, 0x38, 0x39, 0x34, 0xe8, 0x4e, 0x2e, - 0x3a, 0x61, 0xe6, 0x08, 0x5b, 0x96, 0xca, 0x38, 0xf7, 0x1e, 0xa8, 0x4a, 0xe8, 0x81, 0x8c, 0xba, - 0x8f, 0xc3, 0xe9, 0xec, 0xc5, 0xee, 0xe2, 0xd4, 0x69, 0x7f, 0xd7, 0x8f, 0xf4, 0xe7, 0x94, 0x7a, - 0xf9, 0x73, 0xfa, 0xb8, 0xc0, 0xf6, 0xd7, 0x2d, 0x38, 0xbf, 0xdf, 0xfd, 0xf3, 0xe8, 0x51, 0x18, - 0xb8, 0xed, 0x44, 0xb2, 0xec, 0x38, 0x13, 0x94, 0x37, 0x9d, 0xc8, 0xc7, 0xac, 0x15, 0xed, 0xc0, - 0x20, 0x8f, 0x1a, 0x13, 0xd6, 0xfa, 0x4b, 0xc5, 0xde, 0x86, 0x7f, 0x95, 0x18, 0xdb, 0x05, 0x1e, - 0xb1, 0x86, 0x05, 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0x45, 0x6e, 0xd3, 0x88, 0x73, - 0x63, 0xf7, 0xd9, 0x18, 0xf7, 0xd6, 0x98, 0xa9, 0xb0, 0x99, 0xfb, 0x6c, 0x8c, 0x7f, 0xf9, 0xf7, - 0xd9, 0x94, 0x0e, 0x76, 0x9f, 0x0d, 0x5a, 0x82, 0xb3, 0x6d, 0xbe, 0xdd, 0xe0, 0x77, 0x44, 0xf0, - 0xbd, 0x87, 0x4a, 0x3c, 0x7b, 0xe4, 0xce, 0xee, 0xc4, 0xd9, 0xc5, 0x3c, 0x04, 0x9c, 0xff, 0x9c, - 0xfd, 0x1e, 0x40, 0x3c, 0xbc, 0x6d, 0x26, 0x2f, 0x56, 0xa9, 0xa7, 0xfb, 0xc5, 0xfe, 0x6a, 0x05, - 0x4e, 0x64, 0x8a, 0xd2, 0xd2, 0xad, 0x5e, 0x77, 0x70, 0xd4, 0x91, 0xf5, 0x77, 0x77, 0xf7, 0xfa, - 0x0a, 0xb7, 0xf2, 0xa1, 0xe2, 0xfa, 0x61, 0x27, 0x29, 0x26, 0xd7, 0x94, 0x77, 0x62, 0x9e, 0x12, - 0x34, 0xdc, 0xc5, 0xf4, 0x2f, 0xe6, 0x6c, 0x8a, 0x0c, 0xde, 0x4a, 0x19, 0xe3, 0x03, 0xf7, 0xc9, - 0x1d, 0xf0, 0x49, 0x1d, 0x4a, 0x55, 0x29, 0xc2, 0xb1, 0x98, 0x99, 0x2c, 0xc7, 0x7d, 0xd4, 0xfe, - 0xab, 0x25, 0x18, 0x36, 0x3e, 0x1a, 0xfa, 0xc5, 0x74, 0x69, 0x27, 0xab, 0xb8, 0x57, 0x62, 0xf4, - 0x27, 0x75, 0xf1, 0x26, 0xfe, 0x4a, 0x4f, 0x76, 0x57, 0x75, 0xba, 0xbb, 0x3b, 0x71, 0x32, 0x53, - 0xb7, 0x29, 0x55, 0xe9, 0xe9, 0xdc, 0xc7, 0xe0, 0x44, 0x86, 0x4c, 0xce, 0x2b, 0xaf, 0xa6, 0xef, - 0xed, 0x3f, 0xa2, 0x5b, 0xca, 0x1c, 0xb2, 0x6f, 0xd2, 0x21, 0x13, 0xe9, 0x76, 0x81, 0x47, 0xfa, - 0xf0, 0xc1, 0x66, 0xb2, 0x6a, 0x4b, 0x7d, 0x66, 0xd5, 0x3e, 0x05, 0xd5, 0x30, 0xf0, 0xdc, 0x86, - 0xab, 0xea, 0x1f, 0xb2, 0x3c, 0xde, 0x65, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x86, 0xda, 0xad, 0xdb, - 0x09, 0x3f, 0xfd, 0x11, 0xfe, 0xed, 0xa2, 0x0e, 0x7d, 0x94, 0xd1, 0xa2, 0x8e, 0x97, 0xb0, 0xe6, - 0x85, 0x6c, 0x18, 0x64, 0x4a, 0x50, 0xa6, 0x08, 0x30, 0xdf, 0x3b, 0xd3, 0x8e, 0x31, 0x16, 0x10, - 0xfb, 0x1b, 0x35, 0x38, 0x93, 0x57, 0x19, 0x1c, 0x7d, 0x14, 0x06, 0x79, 0x1f, 0x8b, 0xb9, 0x7c, - 0x22, 0x8f, 0xc7, 0x1c, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63, 0xc1, 0x53, 0x70, 0xf7, 0x9c, 0x35, - 0x31, 0x43, 0x8e, 0x87, 0xfb, 0x82, 0xa3, 0xb9, 0x2f, 0x38, 0x9c, 0xbb, 0xe7, 0xac, 0xa1, 0x6d, - 0xa8, 0xb4, 0xdc, 0x84, 0x38, 0xc2, 0x89, 0x70, 0xf3, 0x58, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, - 0x27, 0xe6, 0x0c, 0xd1, 0xd7, 0x2d, 0x38, 0xb1, 0x96, 0x4e, 0xa1, 0x17, 0xc2, 0xd3, 0x39, 0x86, - 0xea, 0xef, 0x69, 0x46, 0xfc, 0x42, 0xa7, 0x4c, 0x23, 0xce, 0x76, 0x07, 0x7d, 0xca, 0x82, 0xa1, - 0x75, 0xd7, 0x33, 0x0a, 0xf0, 0x1e, 0xc3, 0xc7, 0xb9, 0xc4, 0x18, 0xe8, 0x1d, 0x07, 0xff, 0x1f, - 0x63, 0xc9, 0xb9, 0x97, 0xa6, 0x1a, 0x3c, 0xaa, 0xa6, 0x1a, 0xba, 0x4f, 0x9a, 0xea, 0xb3, 0x16, - 0xd4, 0xd4, 0x48, 0x8b, 0xb4, 0xe8, 0x0f, 0x1d, 0xe3, 0x27, 0xe7, 0x9e, 0x13, 0xf5, 0x17, 0x6b, - 0xe6, 0xe8, 0x4b, 0x16, 0x0c, 0x3b, 0xaf, 0x77, 0x22, 0xd2, 0x24, 0x5b, 0x41, 0x18, 0x8b, 0xdb, - 0x20, 0x5f, 0x29, 0xbe, 0x33, 0xd3, 0x94, 0xc9, 0x2c, 0xd9, 0x5a, 0x0a, 0x63, 0x91, 0xbe, 0xa4, - 0x1b, 0xb0, 0xd9, 0x05, 0x7b, 0xb7, 0x04, 0x13, 0xfb, 0x50, 0x40, 0x2f, 0xc0, 0x48, 0x10, 0xb5, - 0x1c, 0xdf, 0x7d, 0xdd, 0xac, 0x89, 0xa1, 0xac, 0xac, 0x25, 0x03, 0x86, 0x53, 0x98, 0x66, 0xe2, - 0x76, 0x69, 0x9f, 0xc4, 0xed, 0xf3, 0x30, 0x10, 0x91, 0x30, 0xc8, 0x6e, 0x16, 0x58, 0xea, 0x00, - 0x83, 0xa0, 0xc7, 0xa0, 0xec, 0x84, 0xae, 0x08, 0x44, 0x53, 0x7b, 0xa0, 0xe9, 0xe5, 0x79, 0x4c, - 0xdb, 0x53, 0x75, 0x24, 0x2a, 0xf7, 0xa4, 0x8e, 0x04, 0x55, 0x03, 0xe2, 0xec, 0x62, 0x50, 0xab, - 0x81, 0xf4, 0x99, 0x82, 0xfd, 0x66, 0x19, 0x1e, 0xdb, 0x73, 0xbe, 0xe8, 0x38, 0x3c, 0x6b, 0x8f, - 0x38, 0x3c, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x63, 0x78, 0x3e, 0x45, 0x97, 0x81, 0xac, - 0x25, 0x52, 0xcc, 0x7d, 0x7e, 0xbd, 0x4a, 0x93, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, 0xa5, 0x7b, - 0x80, 0x54, 0xd2, 0x72, 0xa5, 0x08, 0x35, 0xd0, 0xb3, 0xb6, 0x08, 0x9f, 0xfb, 0xbd, 0x32, 0xa1, - 0xed, 0x9f, 0x2b, 0xc1, 0x13, 0x7d, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xef, 0xed, - 0xcf, 0x64, 0xff, 0x55, 0x0b, 0xce, 0xf5, 0x56, 0x1e, 0xe8, 0x59, 0x18, 0x5e, 0x8b, 0x1c, 0xbf, - 0xb1, 0xc1, 0xee, 0x28, 0x95, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x6e, 0x6f, 0x79, - 0x4c, 0x82, 0x81, 0x21, 0x93, 0x4c, 0xe9, 0xf6, 0x76, 0x35, 0x0b, 0xc4, 0xdd, 0xf8, 0xf6, 0x9f, - 0x95, 0xf2, 0xbb, 0xc5, 0x8d, 0x8c, 0x83, 0x7c, 0x27, 0xf1, 0x15, 0x4a, 0x7d, 0xc8, 0x92, 0xf2, - 0xbd, 0x96, 0x25, 0x03, 0xbd, 0x64, 0x09, 0x9a, 0x85, 0x93, 0xc6, 0x25, 0x32, 0x3c, 0x71, 0x98, - 0x07, 0xdc, 0xaa, 0x6a, 0x1a, 0xcb, 0x19, 0x38, 0xee, 0x7a, 0x02, 0x3d, 0x0d, 0x55, 0xd7, 0x8f, - 0x49, 0xa3, 0x13, 0xf1, 0x40, 0x6f, 0x23, 0x59, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x52, - 0x09, 0x1e, 0xe9, 0x69, 0x67, 0xdd, 0x23, 0xd9, 0x65, 0x7e, 0x8e, 0x81, 0x7b, 0xf3, 0x39, 0xcc, - 0x41, 0xaa, 0xec, 0x3b, 0x48, 0x7f, 0xd8, 0x7b, 0x62, 0x52, 0x9b, 0xfb, 0xfb, 0x76, 0x94, 0x5e, - 0x84, 0x51, 0x27, 0x0c, 0x39, 0x1e, 0x8b, 0xd7, 0xcc, 0x54, 0xd3, 0x99, 0x36, 0x81, 0x38, 0x8d, - 0xdb, 0x97, 0xf6, 0xfc, 0x63, 0x0b, 0x6a, 0x98, 0xac, 0x73, 0xe9, 0x80, 0x6e, 0x89, 0x21, 0xb2, - 0x8a, 0xa8, 0xbb, 0x49, 0x07, 0x36, 0x76, 0x59, 0x3d, 0xca, 0xbc, 0xc1, 0xee, 0xbe, 0xe4, 0xa7, - 0x74, 0xa0, 0x4b, 0x7e, 0xd4, 0x35, 0x2f, 0xe5, 0xde, 0xd7, 0xbc, 0xd8, 0xdf, 0x1c, 0xa2, 0xaf, - 0x17, 0x06, 0x33, 0x11, 0x69, 0xc6, 0xf4, 0xfb, 0x76, 0x22, 0x4f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf, - 0xe3, 0x05, 0x4c, 0xdb, 0x53, 0x47, 0x31, 0xa5, 0x03, 0xd5, 0x12, 0x29, 0xef, 0x5b, 0x4b, 0xe4, - 0x45, 0x18, 0x8d, 0xe3, 0x8d, 0xe5, 0xc8, 0xdd, 0x72, 0x12, 0x72, 0x95, 0xec, 0x08, 0x2b, 0x4b, - 0xe7, 0xff, 0xaf, 0x5c, 0xd6, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x70, 0x4a, 0x57, 0xf4, 0x20, 0x51, - 0xc2, 0xa2, 0xfb, 0xf9, 0x4c, 0x50, 0xc9, 0xbe, 0xba, 0x06, 0x88, 0x40, 0xc0, 0xdd, 0xcf, 0x50, - 0xf9, 0x96, 0x6a, 0xa4, 0x1d, 0x19, 0x4c, 0xcb, 0xb7, 0x14, 0x1d, 0xda, 0x97, 0xae, 0x27, 0xd0, - 0x22, 0x9c, 0xe6, 0x13, 0x63, 0x3a, 0x0c, 0x8d, 0x37, 0x1a, 0x4a, 0xd7, 0x3b, 0x9c, 0xeb, 0x46, - 0xc1, 0x79, 0xcf, 0xa1, 0xe7, 0x61, 0x58, 0x35, 0xcf, 0xcf, 0x8a, 0x53, 0x04, 0xe5, 0xc5, 0x50, - 0x64, 0xe6, 0x9b, 0xd8, 0xc4, 0x43, 0x1f, 0x84, 0x87, 0xf5, 0x5f, 0x9e, 0x02, 0xc6, 0x8f, 0xd6, - 0x66, 0x45, 0xb1, 0x24, 0x75, 0xa9, 0xc8, 0x5c, 0x2e, 0x5a, 0x13, 0xf7, 0x7a, 0x1e, 0xad, 0xc1, - 0x39, 0x05, 0xba, 0xe8, 0x27, 0x2c, 0x9f, 0x23, 0x26, 0x75, 0x27, 0x26, 0xd7, 0x23, 0x4f, 0x5c, - 0x4e, 0xab, 0xee, 0x9d, 0x9c, 0x73, 0x93, 0xcb, 0x79, 0x98, 0x78, 0x01, 0xef, 0x41, 0x05, 0x4d, - 0x41, 0x8d, 0xf8, 0xce, 0x9a, 0x47, 0x96, 0x66, 0xe6, 0x59, 0xd1, 0x25, 0xe3, 0x24, 0xef, 0xa2, - 0x04, 0x60, 0x8d, 0xa3, 0x22, 0x4c, 0x47, 0x7a, 0xde, 0x81, 0xba, 0x0c, 0x67, 0x5a, 0x8d, 0x90, - 0xda, 0x1e, 0x6e, 0x83, 0x4c, 0x37, 0x58, 0x40, 0x1d, 0xfd, 0x30, 0xbc, 0x10, 0xa5, 0x0a, 0x9f, - 0x9e, 0x9b, 0x59, 0xee, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xcb, 0x28, 0xd8, 0xde, 0x19, 0x3f, - 0x9d, 0x09, 0xbc, 0xa4, 0x8d, 0x98, 0xc3, 0xd0, 0x15, 0x40, 0x2c, 0x16, 0xff, 0x72, 0x92, 0x84, - 0xca, 0xd8, 0x19, 0x3f, 0xc3, 0x5e, 0x49, 0x85, 0x91, 0x5d, 0xea, 0xc2, 0xc0, 0x39, 0x4f, 0xd9, - 0xff, 0xc1, 0x82, 0x51, 0xb5, 0x5e, 0xef, 0x41, 0x36, 0x8a, 0x97, 0xce, 0x46, 0x99, 0x3b, 0xba, - 0xc4, 0x63, 0x3d, 0xef, 0x11, 0xd2, 0xfc, 0x99, 0x61, 0x00, 0x2d, 0x15, 0x95, 0x42, 0xb2, 0x7a, - 0x2a, 0xa4, 0x07, 0x56, 0x22, 0xe5, 0x55, 0x58, 0xa9, 0xdc, 0xdf, 0x0a, 0x2b, 0x2b, 0x70, 0x56, - 0x9a, 0x0b, 0xfc, 0xac, 0xe8, 0x72, 0x10, 0x2b, 0x01, 0x57, 0xad, 0x3f, 0x26, 0x08, 0x9d, 0x9d, - 0xcf, 0x43, 0xc2, 0xf9, 0xcf, 0xa6, 0xac, 0x94, 0xa1, 0xfd, 0xac, 0x14, 0xbd, 0xa6, 0x17, 0xd6, - 0xe5, 0xed, 0x21, 0x99, 0x35, 0xbd, 0x70, 0x69, 0x05, 0x6b, 0x9c, 0x7c, 0xc1, 0x5e, 0x2b, 0x48, - 0xb0, 0xc3, 0x81, 0x05, 0xbb, 0x14, 0x31, 0xc3, 0x3d, 0x45, 0x8c, 0xf4, 0x49, 0x8f, 0xf4, 0xf4, - 0x49, 0xbf, 0x0f, 0xc6, 0x5c, 0x7f, 0x83, 0x44, 0x6e, 0x42, 0x9a, 0x6c, 0x2d, 0x30, 0xf1, 0x53, - 0xd5, 0x6a, 0x7d, 0x3e, 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x5c, 0x1c, 0xeb, 0x43, 0x2e, 0xf6, 0xd0, - 0x46, 0x27, 0x8a, 0xd1, 0x46, 0x27, 0x8f, 0xae, 0x8d, 0x4e, 0x1d, 0xab, 0x36, 0x42, 0x85, 0x68, - 0xa3, 0xbe, 0x04, 0xbd, 0xb1, 0xfd, 0x3b, 0xb3, 0xcf, 0xf6, 0xaf, 0x97, 0x2a, 0x3a, 0x7b, 0x68, - 0x55, 0x94, 0xaf, 0x65, 0x1e, 0x3a, 0x94, 0x96, 0xf9, 0x6c, 0x09, 0xce, 0x6a, 0x39, 0x4c, 0x67, - 0xbf, 0xbb, 0x4e, 0x25, 0x11, 0xbb, 0x80, 0x8a, 0x9f, 0xdb, 0x18, 0xc9, 0x51, 0x3a, 0xcf, 0x4a, - 0x41, 0xb0, 0x81, 0xc5, 0x72, 0x8c, 0x48, 0xc4, 0xca, 0xed, 0x66, 0x85, 0xf4, 0x8c, 0x68, 0xc7, - 0x0a, 0x83, 0xce, 0x2f, 0xfa, 0x5b, 0xe4, 0x6d, 0x66, 0x8b, 0xca, 0xcd, 0x68, 0x10, 0x36, 0xf1, - 0xd0, 0x53, 0x9c, 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x88, 0x9b, 0x71, 0xa5, 0x4c, 0x50, 0x50, - 0xd9, 0x1d, 0x96, 0x4c, 0x56, 0xe9, 0xee, 0x0e, 0x0b, 0x81, 0x52, 0x18, 0xf6, 0xff, 0xb4, 0xe0, - 0x91, 0xdc, 0xa1, 0xb8, 0x07, 0xca, 0x77, 0x3b, 0xad, 0x7c, 0x57, 0x8a, 0xda, 0x6e, 0x18, 0x6f, - 0xd1, 0x43, 0x11, 0xff, 0x3b, 0x0b, 0xc6, 0x34, 0xfe, 0x3d, 0x78, 0x55, 0x37, 0xfd, 0xaa, 0xc5, - 0xed, 0xac, 0x6a, 0x5d, 0xef, 0xf6, 0xdb, 0x25, 0x50, 0x85, 0x1e, 0xa7, 0x1b, 0xb2, 0x8c, 0xee, - 0x3e, 0x27, 0x89, 0x3b, 0x30, 0xc8, 0x0e, 0x42, 0xe3, 0x62, 0x82, 0x3c, 0xd2, 0xfc, 0xd9, 0xa1, - 0xaa, 0x3e, 0x64, 0x66, 0x7f, 0x63, 0x2c, 0x18, 0xb2, 0x62, 0xd0, 0x6e, 0x4c, 0xa5, 0x79, 0x53, - 0xa4, 0x65, 0xe9, 0x62, 0xd0, 0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x1e, 0xdc, 0x46, 0xe0, 0xcf, 0x78, - 0x4e, 0x2c, 0x6f, 0x5d, 0x54, 0xea, 0x61, 0x5e, 0x02, 0xb0, 0xc6, 0x61, 0x67, 0xa4, 0x6e, 0x1c, - 0x7a, 0xce, 0x8e, 0xb1, 0x7f, 0x36, 0xea, 0x13, 0x28, 0x10, 0x36, 0xf1, 0xec, 0x36, 0x8c, 0xa7, - 0x5f, 0x62, 0x96, 0xac, 0xb3, 0x00, 0xc5, 0xbe, 0x86, 0x73, 0x0a, 0x6a, 0x0e, 0x7b, 0x6a, 0xa1, - 0xe3, 0x64, 0x2f, 0x6d, 0x9f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x5f, 0xb1, 0xe0, 0x74, 0xce, 0xa0, - 0x15, 0x98, 0xf6, 0x96, 0x68, 0x69, 0x93, 0xa7, 0xd8, 0xdf, 0x09, 0x43, 0x4d, 0xb2, 0xee, 0xc8, - 0x10, 0x38, 0x43, 0xb6, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb7, 0xe0, 0x44, 0xba, 0xaf, - 0x31, 0x4b, 0x25, 0xe1, 0xc3, 0xe4, 0xc6, 0x8d, 0x60, 0x8b, 0x44, 0x3b, 0xf4, 0xcd, 0xad, 0x4c, - 0x2a, 0x49, 0x17, 0x06, 0xce, 0x79, 0x8a, 0x95, 0x79, 0x6d, 0xaa, 0xd1, 0x96, 0x33, 0xf2, 0x46, - 0x91, 0x33, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, 0x7f, 0xfb, 0x3b, 0x03, 0xa0, - 0xf2, 0x62, 0x59, 0xfc, 0x51, 0x41, 0xd1, 0x5b, 0x07, 0xcd, 0x20, 0x52, 0x93, 0x61, 0x60, 0xaf, - 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0xb4, 0x27, - 0x9e, 0xbb, 0x45, 0xf8, 0x43, 0x83, 0xe9, 0x9e, 0x2c, 0x48, 0x00, 0xd6, 0x38, 0xb4, 0x27, 0x4d, - 0x77, 0x7d, 0x5d, 0x6c, 0xf9, 0x55, 0x4f, 0xe8, 0xe8, 0x60, 0x06, 0xe1, 0x95, 0xbb, 0x83, 0x4d, - 0x61, 0x05, 0x1b, 0x95, 0xbb, 0x83, 0x4d, 0xcc, 0x20, 0xd4, 0x6e, 0xf3, 0x83, 0xa8, 0xcd, 0x2e, - 0xd5, 0x6f, 0x2a, 0x2e, 0xc2, 0xfa, 0x55, 0x76, 0xdb, 0xb5, 0x6e, 0x14, 0x9c, 0xf7, 0x1c, 0x9d, - 0x81, 0x61, 0x44, 0x9a, 0x6e, 0x23, 0x31, 0xa9, 0x41, 0x7a, 0x06, 0x2e, 0x77, 0x61, 0xe0, 0x9c, - 0xa7, 0xd0, 0x34, 0x9c, 0x90, 0x79, 0xcd, 0xb2, 0x6a, 0xcd, 0x70, 0xba, 0x4a, 0x06, 0x4e, 0x83, - 0x71, 0x16, 0x9f, 0x4a, 0xb5, 0xb6, 0x28, 0x6c, 0xc5, 0x8c, 0x65, 0x43, 0xaa, 0xc9, 0x82, 0x57, - 0x58, 0x61, 0xd8, 0x9f, 0x2c, 0x53, 0x2d, 0xdc, 0xa3, 0xa0, 0xdb, 0x3d, 0x8b, 0x16, 0x4c, 0xcf, - 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0x73, 0x30, 0x72, 0x2b, 0x0e, 0x7c, 0x15, 0x89, 0x57, 0xe9, 0x19, - 0x89, 0x67, 0x60, 0xe5, 0x47, 0xe2, 0x0d, 0x16, 0x15, 0x89, 0x37, 0x74, 0xc8, 0x48, 0xbc, 0xdf, - 0xa9, 0x80, 0xba, 0x42, 0xe4, 0x1a, 0x49, 0x6e, 0x07, 0xd1, 0xa6, 0xeb, 0xb7, 0x58, 0x3e, 0xf8, - 0xd7, 0x2d, 0x18, 0xe1, 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xe8, 0x6e, 0x8a, 0x14, 0xb3, - 0xc9, 0x55, 0x83, 0x51, 0xe6, 0xd2, 0x4f, 0x13, 0x84, 0x53, 0x3d, 0x42, 0x1f, 0x03, 0x90, 0xfe, - 0xd1, 0x75, 0x29, 0x32, 0xe7, 0x8b, 0xe9, 0x1f, 0x26, 0xeb, 0xda, 0x06, 0x5e, 0x55, 0x4c, 0xb0, - 0xc1, 0x10, 0x7d, 0x56, 0x67, 0x99, 0xf1, 0x90, 0xfd, 0x8f, 0x1c, 0xcb, 0xd8, 0xf4, 0x93, 0x63, - 0x86, 0x61, 0xc8, 0xf5, 0x5b, 0x74, 0x9e, 0x88, 0x88, 0xa5, 0x77, 0xe4, 0xd5, 0x52, 0x58, 0x08, - 0x9c, 0x66, 0xdd, 0xf1, 0x1c, 0xbf, 0x41, 0xa2, 0x79, 0x8e, 0x6e, 0x5e, 0x75, 0xcd, 0x1a, 0xb0, - 0x24, 0xd4, 0x75, 0xf9, 0x4a, 0xa5, 0x9f, 0xcb, 0x57, 0xce, 0xbd, 0x1f, 0x4e, 0x75, 0x7d, 0xcc, - 0x03, 0xa5, 0x94, 0x1d, 0x3e, 0x1b, 0xcd, 0xfe, 0xe7, 0x83, 0x5a, 0x69, 0x5d, 0x0b, 0x9a, 0xfc, - 0x0a, 0x90, 0x48, 0x7f, 0x51, 0x61, 0xe3, 0x16, 0x38, 0x45, 0x8c, 0xeb, 0xb2, 0x55, 0x23, 0x36, - 0x59, 0xd2, 0x39, 0x1a, 0x3a, 0x11, 0xf1, 0x8f, 0x7b, 0x8e, 0x2e, 0x2b, 0x26, 0xd8, 0x60, 0x88, - 0x36, 0x52, 0x39, 0x25, 0x97, 0x8e, 0x9e, 0x53, 0xc2, 0xaa, 0x4c, 0xe5, 0x55, 0xed, 0xff, 0x92, - 0x05, 0x63, 0x7e, 0x6a, 0xe6, 0x16, 0x13, 0x46, 0x9a, 0xbf, 0x2a, 0xf8, 0x0d, 0x54, 0xe9, 0x36, - 0x9c, 0xe1, 0x9f, 0xa7, 0xd2, 0x2a, 0x07, 0x54, 0x69, 0xfa, 0x2e, 0xa1, 0xc1, 0x5e, 0x77, 0x09, - 0x21, 0x5f, 0x5d, 0xa6, 0x36, 0x54, 0xf8, 0x65, 0x6a, 0x90, 0x73, 0x91, 0xda, 0x4d, 0xa8, 0x35, - 0x22, 0xe2, 0x24, 0x87, 0xbc, 0x57, 0x8b, 0x1d, 0xd0, 0xcf, 0x48, 0x02, 0x58, 0xd3, 0xb2, 0xff, - 0xcf, 0x00, 0x9c, 0x94, 0x23, 0x22, 0x43, 0xd0, 0xa9, 0x7e, 0xe4, 0x7c, 0xb5, 0x71, 0xab, 0xf4, - 0xe3, 0x65, 0x09, 0xc0, 0x1a, 0x87, 0xda, 0x63, 0x9d, 0x98, 0x2c, 0x85, 0xc4, 0x5f, 0x70, 0xd7, - 0x62, 0x71, 0xce, 0xa9, 0x16, 0xca, 0x75, 0x0d, 0xc2, 0x26, 0x1e, 0x35, 0xc6, 0xb9, 0x5d, 0x1c, - 0x67, 0xd3, 0x57, 0x84, 0xbd, 0x8d, 0x25, 0x1c, 0xfd, 0x7c, 0x6e, 0x85, 0xd9, 0x62, 0x12, 0xb7, - 0xba, 0x22, 0xef, 0x0f, 0x78, 0x15, 0xe3, 0xdf, 0xb2, 0xe0, 0x2c, 0x6f, 0x95, 0x23, 0x79, 0x3d, - 0x6c, 0x3a, 0x09, 0x89, 0x8b, 0xa9, 0xf8, 0x9e, 0xd3, 0x3f, 0xed, 0xe4, 0xcd, 0x63, 0x8b, 0xf3, - 0x7b, 0x83, 0xde, 0xb0, 0xe0, 0xc4, 0x66, 0xaa, 0xe6, 0x87, 0x54, 0x1d, 0x47, 0x4d, 0xc7, 0x4f, - 0x11, 0xd5, 0x4b, 0x2d, 0xdd, 0x1e, 0xe3, 0x2c, 0x77, 0xfb, 0xcf, 0x2c, 0x30, 0xc5, 0xe8, 0xbd, - 0x2f, 0x15, 0x72, 0x70, 0x53, 0x50, 0x5a, 0x97, 0x95, 0x9e, 0xd6, 0xe5, 0x63, 0x50, 0xee, 0xb8, - 0x4d, 0xb1, 0xbf, 0xd0, 0xa7, 0xaf, 0xf3, 0xb3, 0x98, 0xb6, 0xdb, 0xff, 0xa4, 0xa2, 0xfd, 0x16, - 0x22, 0x2f, 0xea, 0xfb, 0xe2, 0xb5, 0xd7, 0x55, 0xb1, 0x31, 0xfe, 0xe6, 0xd7, 0xba, 0x8a, 0x8d, - 0xfd, 0xe8, 0xc1, 0xd3, 0xde, 0xf8, 0x00, 0xf5, 0xaa, 0x35, 0x36, 0xb4, 0x4f, 0xce, 0xdb, 0x2d, - 0xa8, 0xd2, 0x2d, 0x18, 0x73, 0x40, 0x56, 0x53, 0x9d, 0xaa, 0x5e, 0x16, 0xed, 0x77, 0x77, 0x27, - 0xde, 0x7b, 0xf0, 0x6e, 0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, 0x3d, 0x4f, - 0x6c, 0xee, 0xae, 0x2b, 0x99, 0x29, 0x01, 0x85, 0xe4, 0xfe, 0x69, 0x3e, 0xc8, 0x87, 0x1a, 0xbb, - 0xb5, 0x96, 0x31, 0xe5, 0x7b, 0xc0, 0x65, 0x95, 0x24, 0x27, 0x01, 0x77, 0x77, 0x27, 0x5e, 0x3c, - 0x38, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0xec, 0x2f, 0x0f, 0xe8, 0xb9, 0x2b, 0x6a, 0xcc, 0x7d, 0x5f, - 0xcc, 0xdd, 0x17, 0x32, 0x73, 0xf7, 0x7c, 0xd7, 0xdc, 0x1d, 0xd3, 0xb7, 0xab, 0xa6, 0x66, 0xe3, - 0xbd, 0x36, 0x04, 0xf6, 0xf7, 0x37, 0x30, 0x0b, 0xe8, 0xb5, 0x8e, 0x1b, 0x91, 0x78, 0x39, 0xea, - 0xf8, 0xae, 0xdf, 0x62, 0xd3, 0xb1, 0x6a, 0x5a, 0x40, 0x29, 0x30, 0xce, 0xe2, 0xd3, 0x4d, 0x3d, - 0xfd, 0xe6, 0x37, 0x9d, 0x2d, 0x3e, 0xab, 0x8c, 0xb2, 0x5b, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, - 0x9b, 0xec, 0x2c, 0xdb, 0xc8, 0x0b, 0xa6, 0x73, 0xc2, 0x63, 0xd7, 0x04, 0xf3, 0x9a, 0x5d, 0x6a, - 0x4e, 0xf0, 0xbb, 0x81, 0x39, 0x0c, 0xdd, 0x86, 0xa1, 0x35, 0x7e, 0x4f, 0x5e, 0x31, 0x75, 0xcc, - 0xc5, 0xa5, 0x7b, 0xec, 0x36, 0x14, 0x79, 0x03, 0xdf, 0x5d, 0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0xef, - 0x57, 0xe0, 0x44, 0xe6, 0x22, 0xd9, 0x54, 0xb5, 0xd4, 0xd2, 0xbe, 0xd5, 0x52, 0x3f, 0x0c, 0xd0, - 0x24, 0xa1, 0x17, 0xec, 0x30, 0x73, 0x6c, 0xe0, 0xc0, 0xe6, 0x98, 0xb2, 0xe0, 0x67, 0x15, 0x15, - 0x6c, 0x50, 0x14, 0x85, 0xca, 0x78, 0xf1, 0xd5, 0x4c, 0xa1, 0x32, 0xe3, 0xb6, 0x83, 0xc1, 0x7b, - 0x7b, 0xdb, 0x81, 0x0b, 0x27, 0x78, 0x17, 0x55, 0xf6, 0xed, 0x21, 0x92, 0x6c, 0x59, 0xfe, 0xc2, - 0x6c, 0x9a, 0x0c, 0xce, 0xd2, 0xbd, 0x9f, 0xf7, 0x44, 0xa3, 0x77, 0x41, 0x4d, 0x7e, 0xe7, 0x78, - 0xbc, 0xa6, 0x2b, 0x18, 0xc8, 0x69, 0xc0, 0xee, 0x6f, 0x16, 0x3f, 0xbb, 0x0a, 0x09, 0xc0, 0xfd, - 0x2a, 0x24, 0x60, 0x7f, 0xb1, 0x44, 0xed, 0x78, 0xde, 0x2f, 0x55, 0x13, 0xe7, 0x49, 0x18, 0x74, - 0x3a, 0xc9, 0x46, 0xd0, 0x75, 0xeb, 0xdf, 0x34, 0x6b, 0xc5, 0x02, 0x8a, 0x16, 0x60, 0xa0, 0xa9, - 0xeb, 0x9c, 0x1c, 0xe4, 0x7b, 0x6a, 0x97, 0xa8, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0x47, 0x61, 0x20, - 0x71, 0x5a, 0x32, 0xe5, 0x8a, 0xa5, 0xd9, 0xae, 0x3a, 0xad, 0x18, 0xb3, 0x56, 0x53, 0x7d, 0x0f, - 0xec, 0xa3, 0xbe, 0x5f, 0x84, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0x88, 0x71, 0xcc, 0xa7, - 0x23, 0x37, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xbf, 0x31, 0x02, 0x67, 0x56, 0x66, 0x16, 0x65, 0xf5, - 0xee, 0x63, 0xcb, 0x9a, 0xca, 0xe3, 0x71, 0xef, 0xb2, 0xa6, 0x7a, 0x70, 0xf7, 0x8c, 0xac, 0x29, - 0xcf, 0xc8, 0x9a, 0x4a, 0xa7, 0xb0, 0x94, 0x8b, 0x48, 0x61, 0xc9, 0xeb, 0x41, 0x3f, 0x29, 0x2c, - 0xc7, 0x96, 0x46, 0xb5, 0x67, 0x87, 0x0e, 0x94, 0x46, 0xa5, 0x72, 0xcc, 0x0a, 0x49, 0x2e, 0xe8, - 0xf1, 0xa9, 0x72, 0x73, 0xcc, 0x54, 0x7e, 0x0f, 0x4f, 0x9c, 0x11, 0xa2, 0xfe, 0x95, 0xe2, 0x3b, - 0xd0, 0x47, 0x7e, 0x8f, 0xc8, 0xdd, 0x31, 0x73, 0xca, 0x86, 0x8a, 0xc8, 0x29, 0xcb, 0xeb, 0xce, - 0xbe, 0x39, 0x65, 0x2f, 0xc2, 0x68, 0xc3, 0x0b, 0x7c, 0xb2, 0x1c, 0x05, 0x49, 0xd0, 0x08, 0x3c, - 0x61, 0xd6, 0x2b, 0x91, 0x30, 0x63, 0x02, 0x71, 0x1a, 0xb7, 0x57, 0x42, 0x5a, 0xed, 0xa8, 0x09, - 0x69, 0x70, 0x9f, 0x12, 0xd2, 0x7e, 0x46, 0xa7, 0x4e, 0x0f, 0xb3, 0x2f, 0xf2, 0xe1, 0xe2, 0xbf, - 0x48, 0x3f, 0xf9, 0xd3, 0xe8, 0x4d, 0x7e, 0xed, 0x1e, 0x35, 0x8c, 0x67, 0x82, 0x36, 0x35, 0xfc, - 0x46, 0xd8, 0x90, 0xbc, 0x7a, 0x0c, 0x13, 0xf6, 0xe6, 0x8a, 0x66, 0xa3, 0xae, 0xe2, 0xd3, 0x4d, - 0x38, 0xdd, 0x91, 0xa3, 0xa4, 0x76, 0x7f, 0xb5, 0x04, 0x3f, 0xb0, 0x6f, 0x17, 0xd0, 0x6d, 0x80, - 0xc4, 0x69, 0x89, 0x89, 0x2a, 0x0e, 0x4c, 0x8e, 0x18, 0x5e, 0xb9, 0x2a, 0xe9, 0xf1, 0x9a, 0x24, - 0xea, 0x2f, 0x3b, 0x8a, 0x90, 0xbf, 0x59, 0x54, 0x65, 0xe0, 0x75, 0x95, 0x6e, 0xc4, 0x81, 0x47, - 0x30, 0x83, 0x50, 0xf5, 0x1f, 0x91, 0x96, 0xbe, 0x27, 0x5a, 0x7d, 0x3e, 0xcc, 0x5a, 0xb1, 0x80, - 0xa2, 0xe7, 0x61, 0xd8, 0xf1, 0x3c, 0x9e, 0x1f, 0x43, 0x62, 0x71, 0xef, 0x8e, 0xae, 0x21, 0xa7, - 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0xb4, 0x04, 0x13, 0xfb, 0xc8, 0x94, 0xae, 0x8c, 0xbf, 0x4a, 0xdf, - 0x19, 0x7f, 0x22, 0x47, 0x61, 0xb0, 0x47, 0x8e, 0xc2, 0xf3, 0x30, 0x9c, 0x10, 0xa7, 0x2d, 0x02, - 0xb2, 0x84, 0x27, 0x40, 0x9f, 0x00, 0x6b, 0x10, 0x36, 0xf1, 0xa8, 0x14, 0x1b, 0x73, 0x1a, 0x0d, - 0x12, 0xc7, 0x32, 0x09, 0x41, 0x78, 0x53, 0x0b, 0xcb, 0x70, 0x60, 0x4e, 0xea, 0xe9, 0x14, 0x0b, - 0x9c, 0x61, 0x99, 0x1d, 0xf0, 0x5a, 0x9f, 0x03, 0xfe, 0x8d, 0x12, 0x3c, 0xb6, 0xa7, 0x76, 0xeb, - 0x3b, 0x3f, 0xa4, 0x13, 0x93, 0x28, 0x3b, 0x71, 0xae, 0xc7, 0x24, 0xc2, 0x0c, 0xc2, 0x47, 0x29, - 0x0c, 0x8d, 0x7b, 0xb8, 0x8b, 0x4e, 0x5e, 0xe2, 0xa3, 0x94, 0x62, 0x81, 0x33, 0x2c, 0x0f, 0x3b, - 0x2d, 0xff, 0x5e, 0x09, 0x9e, 0xe8, 0xc3, 0x06, 0x28, 0x30, 0xc9, 0x2b, 0x9d, 0x6a, 0x57, 0xbe, - 0x4f, 0x19, 0x91, 0x87, 0x1c, 0xae, 0x6f, 0x96, 0xe0, 0x5c, 0x6f, 0x55, 0x8c, 0x7e, 0x0c, 0x4e, - 0x44, 0x2a, 0x0a, 0xcb, 0xcc, 0xd2, 0x3b, 0xcd, 0x3d, 0x09, 0x29, 0x10, 0xce, 0xe2, 0xa2, 0x49, - 0x80, 0xd0, 0x49, 0x36, 0xe2, 0x8b, 0xdb, 0x6e, 0x9c, 0x88, 0x2a, 0x34, 0x63, 0xfc, 0xec, 0x4a, - 0xb6, 0x62, 0x03, 0x83, 0xb2, 0x63, 0xff, 0x66, 0x83, 0x6b, 0x41, 0xc2, 0x1f, 0xe2, 0xdb, 0x88, - 0xd3, 0xf2, 0xce, 0x0e, 0x03, 0x84, 0xb3, 0xb8, 0x94, 0x1d, 0x3b, 0x1d, 0xe5, 0x1d, 0xe5, 0xfb, - 0x0b, 0xc6, 0x6e, 0x41, 0xb5, 0x62, 0x03, 0x23, 0x9b, 0x7f, 0x58, 0xd9, 0x3f, 0xff, 0xd0, 0xfe, - 0xc7, 0x25, 0x78, 0xa4, 0xa7, 0x29, 0xd7, 0xdf, 0x02, 0x7c, 0xf0, 0x72, 0x06, 0x0f, 0x37, 0x77, - 0x0e, 0x98, 0xdb, 0xf6, 0xc7, 0x3d, 0x66, 0x9a, 0xc8, 0x6d, 0x3b, 0x7c, 0x72, 0xf8, 0x83, 0x37, - 0x9e, 0x5d, 0xe9, 0x6c, 0x03, 0x07, 0x48, 0x67, 0xcb, 0x7c, 0x8c, 0x4a, 0x9f, 0x0b, 0xf9, 0xcf, - 0xcb, 0x3d, 0x87, 0x97, 0x6e, 0xfd, 0xfa, 0xf2, 0xd3, 0xce, 0xc2, 0x49, 0xd7, 0x67, 0xf7, 0x37, - 0xad, 0x74, 0xd6, 0x44, 0x61, 0x92, 0x52, 0xfa, 0x96, 0xf5, 0xf9, 0x0c, 0x1c, 0x77, 0x3d, 0xf1, - 0x00, 0xa6, 0x17, 0x1e, 0x6e, 0x48, 0x0f, 0x96, 0xe0, 0x8a, 0x96, 0xe0, 0xac, 0x1c, 0x8a, 0x0d, - 0x27, 0x22, 0x4d, 0xa1, 0x46, 0x62, 0x91, 0x50, 0xf1, 0x08, 0x4f, 0xca, 0xc8, 0x41, 0xc0, 0xf9, - 0xcf, 0xb1, 0x2b, 0x73, 0x82, 0xd0, 0x6d, 0x88, 0x4d, 0x8e, 0xbe, 0x32, 0x87, 0x36, 0x62, 0x0e, - 0xb3, 0x3f, 0x0c, 0x35, 0xf5, 0xfe, 0x3c, 0xac, 0x5b, 0x4d, 0xba, 0xae, 0xb0, 0x6e, 0x35, 0xe3, - 0x0c, 0x2c, 0xfa, 0xb5, 0xa8, 0x49, 0x9c, 0x59, 0x3d, 0x57, 0xc9, 0x0e, 0xb3, 0x8f, 0xed, 0x77, - 0xc3, 0x88, 0xf2, 0xb3, 0xf4, 0x7b, 0x91, 0x90, 0xfd, 0xe5, 0x41, 0x18, 0x4d, 0x15, 0x07, 0x4c, - 0x39, 0x58, 0xad, 0x7d, 0x1d, 0xac, 0x2c, 0x4c, 0xbf, 0xe3, 0xcb, 0x5b, 0xc6, 0x8c, 0x30, 0xfd, - 0x8e, 0x4f, 0x30, 0x87, 0x51, 0xf3, 0xb6, 0x19, 0xed, 0xe0, 0x8e, 0x2f, 0xc2, 0x69, 0x95, 0x79, - 0x3b, 0xcb, 0x5a, 0xb1, 0x80, 0xa2, 0x4f, 0x58, 0x30, 0x12, 0x33, 0xef, 0x3d, 0x77, 0x4f, 0x8b, - 0x49, 0x77, 0xe5, 0xe8, 0xb5, 0x0f, 0x55, 0x21, 0x4c, 0x16, 0x21, 0x63, 0xb6, 0xe0, 0x14, 0x47, - 0xf4, 0x69, 0x0b, 0x6a, 0xea, 0x32, 0x14, 0x71, 0x65, 0xe0, 0x4a, 0xb1, 0xb5, 0x17, 0xb9, 0x5f, - 0x53, 0x1d, 0x84, 0xa8, 0x22, 0x78, 0x58, 0x33, 0x46, 0xb1, 0xf2, 0x1d, 0x0f, 0x1d, 0x8f, 0xef, - 0x18, 0x72, 0xfc, 0xc6, 0xef, 0x82, 0x5a, 0xdb, 0xf1, 0xdd, 0x75, 0x12, 0x27, 0xdc, 0x9d, 0x2b, - 0x4b, 0xc2, 0xca, 0x46, 0xac, 0xe1, 0x54, 0x21, 0xc7, 0xec, 0xc5, 0x12, 0xc3, 0xff, 0xca, 0x14, - 0xf2, 0x8a, 0x6e, 0xc6, 0x26, 0x8e, 0xe9, 0x2c, 0x86, 0xfb, 0xea, 0x2c, 0x1e, 0xde, 0xdb, 0x59, - 0x6c, 0xff, 0x03, 0x0b, 0xce, 0xe6, 0x7e, 0xb5, 0x07, 0x37, 0xf0, 0xd1, 0xfe, 0x4a, 0x05, 0x4e, - 0xe7, 0x54, 0xf9, 0x44, 0x3b, 0xe6, 0x7c, 0xb6, 0x8a, 0x88, 0x21, 0x48, 0x1f, 0x89, 0xcb, 0x61, - 0xcc, 0x99, 0xc4, 0x07, 0x3b, 0xaa, 0xd1, 0xc7, 0x25, 0xe5, 0x7b, 0x7b, 0x5c, 0x62, 0x4c, 0xcb, - 0x81, 0xfb, 0x3a, 0x2d, 0x2b, 0xfb, 0x9c, 0x61, 0xfc, 0xaa, 0x05, 0xe3, 0xed, 0x1e, 0xa5, 0xe5, - 0x85, 0xe3, 0xf1, 0xc6, 0xf1, 0x14, 0xae, 0xaf, 0x3f, 0x7a, 0x67, 0x77, 0xa2, 0x67, 0x45, 0x7f, - 0xdc, 0xb3, 0x57, 0xf6, 0x77, 0xca, 0xc0, 0x4a, 0xcc, 0xb2, 0x4a, 0x6e, 0x3b, 0xe8, 0xe3, 0x66, - 0xb1, 0x60, 0xab, 0xa8, 0xc2, 0xb6, 0x9c, 0xb8, 0x2a, 0x36, 0xcc, 0x47, 0x30, 0xaf, 0xf6, 0x70, - 0x56, 0x68, 0x95, 0xfa, 0x10, 0x5a, 0x9e, 0xac, 0xca, 0x5c, 0x2e, 0xbe, 0x2a, 0x73, 0x2d, 0x5b, - 0x91, 0x79, 0xef, 0x4f, 0x3c, 0xf0, 0x40, 0x7e, 0xe2, 0x5f, 0xb0, 0xb8, 0xe0, 0xc9, 0x7c, 0x05, - 0x6d, 0x19, 0x58, 0x7b, 0x58, 0x06, 0x4f, 0x43, 0x35, 0x26, 0xde, 0xfa, 0x65, 0xe2, 0x78, 0xc2, - 0x82, 0xd0, 0xe7, 0xd7, 0xa2, 0x1d, 0x2b, 0x0c, 0x76, 0x6d, 0xab, 0xe7, 0x05, 0xb7, 0x2f, 0xb6, - 0xc3, 0x64, 0x47, 0xd8, 0x12, 0xfa, 0xda, 0x56, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x37, 0x4b, 0x7c, - 0x06, 0x8a, 0x20, 0x88, 0x17, 0x32, 0x17, 0xed, 0xf5, 0x1f, 0x3f, 0xf0, 0x51, 0x80, 0x86, 0xba, - 0xca, 0x5e, 0x9c, 0x09, 0x5d, 0x3e, 0xf2, 0x3d, 0xdb, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, - 0x7e, 0x29, 0x59, 0x5a, 0xde, 0x57, 0x96, 0xa6, 0xc4, 0xca, 0xc0, 0x3e, 0xda, 0xee, 0x4f, 0x2d, - 0x48, 0x59, 0x44, 0x28, 0x84, 0x0a, 0xed, 0xee, 0x4e, 0x31, 0xb7, 0xf4, 0x9b, 0xa4, 0xa9, 0x68, - 0x14, 0xd3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0x44, 0xac, 0x04, 0x1f, 0xd5, 0x6b, 0xc5, 0x31, - 0xbc, 0x1c, 0x04, 0x9b, 0xfc, 0x60, 0x53, 0xc7, 0x5d, 0xd8, 0x2f, 0xc0, 0xa9, 0xae, 0x4e, 0xb1, - 0x3b, 0xb5, 0x02, 0xaa, 0x7d, 0x32, 0xd3, 0x95, 0x25, 0x70, 0x62, 0x0e, 0xb3, 0xbf, 0x69, 0xc1, - 0xc9, 0x2c, 0x79, 0xf4, 0xa6, 0x05, 0xa7, 0xe2, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0xef, 0xd8, - 0x05, 0xc2, 0xdd, 0x9d, 0xb0, 0xff, 0xaf, 0x98, 0xfc, 0x37, 0x5d, 0xbf, 0x19, 0xdc, 0x56, 0x86, - 0x89, 0xd5, 0xd3, 0x30, 0xa1, 0xeb, 0xb1, 0xb1, 0x41, 0x9a, 0x1d, 0xaf, 0x2b, 0x73, 0x74, 0x45, - 0xb4, 0x63, 0x85, 0xc1, 0x12, 0xe5, 0x3a, 0xa2, 0x6c, 0x7b, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, - 0x30, 0xd0, 0x73, 0x30, 0x62, 0xbc, 0xa4, 0x9c, 0x97, 0xcc, 0x20, 0x37, 0x54, 0x66, 0x8c, 0x53, - 0x58, 0x68, 0x12, 0x40, 0x19, 0x39, 0x52, 0x45, 0x32, 0x47, 0x91, 0x92, 0x44, 0x31, 0x36, 0x30, - 0x58, 0x5a, 0xaa, 0xd7, 0x89, 0x99, 0x8f, 0x7f, 0x50, 0x97, 0x12, 0x9d, 0x11, 0x6d, 0x58, 0x41, - 0xa9, 0x34, 0x69, 0x3b, 0x7e, 0xc7, 0xf1, 0xe8, 0x08, 0x89, 0xad, 0x9f, 0x5a, 0x86, 0x8b, 0x0a, - 0x82, 0x0d, 0x2c, 0xfa, 0xc6, 0x89, 0xdb, 0x26, 0x2f, 0x07, 0xbe, 0x8c, 0x53, 0xd3, 0xc7, 0x3e, - 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0xbf, 0x5a, 0x70, 0x42, 0x27, 0xb9, 0xf3, 0xdb, 0xb3, 0xcd, 0x9d, - 0xaa, 0xb5, 0xef, 0x4e, 0x35, 0x9d, 0xfd, 0x5b, 0xea, 0x2b, 0xfb, 0xd7, 0x4c, 0xcc, 0x2d, 0xef, - 0x99, 0x98, 0xfb, 0x43, 0xfa, 0x66, 0x56, 0x9e, 0xc1, 0x3b, 0x9c, 0x77, 0x2b, 0x2b, 0xb2, 0x61, - 0xb0, 0xe1, 0xa8, 0x0a, 0x2f, 0x23, 0x7c, 0xef, 0x30, 0x33, 0xcd, 0x90, 0x04, 0xc4, 0x5e, 0x82, - 0x9a, 0x3a, 0xfd, 0x90, 0x1b, 0x55, 0x2b, 0x7f, 0xa3, 0xda, 0x57, 0x82, 0x60, 0x7d, 0xed, 0x5b, - 0xdf, 0x7d, 0xfc, 0x6d, 0xbf, 0xf7, 0xdd, 0xc7, 0xdf, 0xf6, 0x47, 0xdf, 0x7d, 0xfc, 0x6d, 0x9f, - 0xb8, 0xf3, 0xb8, 0xf5, 0xad, 0x3b, 0x8f, 0x5b, 0xbf, 0x77, 0xe7, 0x71, 0xeb, 0x8f, 0xee, 0x3c, - 0x6e, 0x7d, 0xe7, 0xce, 0xe3, 0xd6, 0x97, 0xfe, 0xd3, 0xe3, 0x6f, 0x7b, 0x39, 0x37, 0x50, 0x91, - 0xfe, 0x78, 0xa6, 0xd1, 0x9c, 0xda, 0xba, 0xc0, 0x62, 0xe5, 0xe8, 0xf2, 0x9a, 0x32, 0xe6, 0xd4, - 0x94, 0x5c, 0x5e, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x13, 0x8b, 0x32, 0x8c, 0xdc, 0xe2, 0x00, - 0x00, + 0x65, 0x3b, 0x95, 0x52, 0x4a, 0x49, 0xd9, 0xe5, 0x72, 0x59, 0x4e, 0x62, 0x23, 0xd2, 0xa5, 0x52, + 0x49, 0xa5, 0x2a, 0xae, 0x72, 0xe2, 0x1f, 0xc9, 0x25, 0x3f, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, + 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xe6, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xef, + 0xf5, 0xeb, 0xf7, 0x5e, 0xc3, 0x42, 0xcb, 0x4d, 0x36, 0x3a, 0x6b, 0x93, 0x8d, 0xa0, 0x3d, 0xe5, + 0x44, 0xad, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0x33, 0x8d, 0xe6, 0xd4, 0xd6, 0x85, 0xa9, 0x70, + 0xb3, 0x35, 0xe5, 0x84, 0x6e, 0x3c, 0xe5, 0x84, 0xa1, 0xe7, 0x36, 0x9c, 0xc4, 0x0d, 0xfc, 0xa9, + 0xad, 0x67, 0x1d, 0x2f, 0xdc, 0x70, 0x9e, 0x9d, 0x6a, 0x11, 0x9f, 0x44, 0x4e, 0x42, 0x9a, 0x93, + 0x61, 0x14, 0x24, 0x01, 0xfa, 0x51, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x6d, 0x34, 0x27, + 0xb7, 0x2e, 0x4c, 0x86, 0x9b, 0xad, 0x49, 0x4a, 0x6d, 0xd2, 0xa0, 0x36, 0x29, 0xa9, 0x9d, 0x7b, + 0xc6, 0xe8, 0x4b, 0x2b, 0x68, 0x05, 0x53, 0x8c, 0xe8, 0x5a, 0x67, 0x9d, 0xfd, 0x63, 0x7f, 0xd8, + 0x2f, 0xce, 0xec, 0x9c, 0xbd, 0xf9, 0x42, 0x3c, 0xe9, 0x06, 0xb4, 0x7b, 0x53, 0x8d, 0x20, 0x22, + 0x53, 0x5b, 0x5d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0xf8, 0xb1, 0x1b, 0xf8, 0xf1, + 0x33, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x7a, 0x06, 0x42, 0x1e, 0xa5, 0xe7, 0x34, 0xa5, + 0xb6, 0xd3, 0xd8, 0x70, 0x7d, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, 0xea, + 0xf5, 0x54, 0xd4, 0xf1, 0x13, 0xb7, 0x4d, 0xba, 0x1e, 0x78, 0xcf, 0x7e, 0x0f, 0xc4, 0x8d, 0x0d, + 0xd2, 0x76, 0xba, 0x9e, 0x7b, 0x77, 0xaf, 0xe7, 0x3a, 0x89, 0xeb, 0x4d, 0xb9, 0x7e, 0x12, 0x27, + 0x51, 0xf6, 0x21, 0xfb, 0x17, 0x2d, 0x18, 0x9d, 0xbe, 0xb9, 0x32, 0xdd, 0x49, 0x36, 0x66, 0x02, + 0x7f, 0xdd, 0x6d, 0xa1, 0xe7, 0x61, 0xb8, 0xe1, 0x75, 0xe2, 0x84, 0x44, 0xd7, 0x9c, 0x36, 0x19, + 0xb7, 0xce, 0x5b, 0x4f, 0xd5, 0xea, 0xa7, 0xbf, 0xb9, 0x3b, 0xf1, 0xb6, 0x3b, 0xbb, 0x13, 0xc3, + 0x33, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x4e, 0x18, 0x8a, 0x02, 0x8f, 0x4c, 0xe3, 0x6b, 0xe3, 0x25, + 0xf6, 0xc8, 0x09, 0xf1, 0xc8, 0x10, 0xe6, 0xcd, 0x58, 0xc2, 0x29, 0x6a, 0x18, 0x05, 0xeb, 0xae, + 0x47, 0xc6, 0xcb, 0x69, 0xd4, 0x65, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xc3, 0x12, 0xc0, 0x74, 0x18, + 0x2e, 0x47, 0xc1, 0x2d, 0xd2, 0x48, 0xd0, 0x47, 0xa0, 0x4a, 0x87, 0xb9, 0xe9, 0x24, 0x0e, 0xeb, + 0xd8, 0xf0, 0x85, 0x1f, 0x9e, 0xe4, 0x6f, 0x3d, 0x69, 0xbe, 0xb5, 0x9e, 0x64, 0x14, 0x7b, 0x72, + 0xeb, 0xd9, 0xc9, 0xa5, 0x35, 0xfa, 0xfc, 0x22, 0x49, 0x9c, 0x3a, 0x12, 0xcc, 0x40, 0xb7, 0x61, + 0x45, 0x15, 0xf9, 0x30, 0x10, 0x87, 0xa4, 0xc1, 0xde, 0x61, 0xf8, 0xc2, 0xc2, 0xe4, 0x51, 0x66, + 0xf3, 0xa4, 0xee, 0xf9, 0x4a, 0x48, 0x1a, 0xf5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, + 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x4e, 0xcc, 0x86, 0x62, 0xf8, 0xc2, 0xb5, 0xc2, 0x38, 0x32, + 0xaa, 0xf5, 0x31, 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x27, 0x16, 0x8c, 0x69, 0xe4, + 0x05, 0x37, 0x4e, 0xd0, 0x4f, 0x74, 0x0d, 0xee, 0x64, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, + 0x52, 0x30, 0xab, 0xca, 0x16, 0x63, 0x60, 0xdb, 0x50, 0x71, 0x13, 0xd2, 0x8e, 0xc7, 0x4b, 0xe7, + 0xcb, 0x4f, 0x0d, 0x5f, 0xb8, 0x5c, 0xd4, 0x7b, 0xd6, 0x47, 0x05, 0xd3, 0xca, 0x3c, 0x25, 0x8f, + 0x39, 0x17, 0xfb, 0x57, 0x47, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x85, 0xe1, 0x38, 0xe8, 0x44, + 0x0d, 0x82, 0x49, 0x18, 0xc4, 0xe3, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, 0xe8, 0x66, + 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x24, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xea, + 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xfa, 0x19, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, + 0xfc, 0xe9, 0xe2, 0x6c, 0x92, 0xb8, 0x11, 0xb9, 0x21, 0xfd, 0x2f, 0x96, 0x8f, 0x5a, 0x9c, 0xb3, + 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43, 0x85, 0x2e, 0xbe, 0x78, 0x7c, 0x80, 0xf5, 0x7f, 0xfe, 0x68, + 0xfd, 0x17, 0x83, 0x4a, 0xd7, 0xb5, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, + 0xe3, 0x42, 0x38, 0x60, 0xc2, 0x07, 0xf4, 0xe6, 0x86, 0x9b, 0x10, 0xcf, 0x8d, 0x93, 0xf1, 0x0a, + 0xeb, 0xc3, 0x54, 0x7f, 0x73, 0x6b, 0x2e, 0x0a, 0x3a, 0xe1, 0x55, 0xd7, 0x6f, 0xd6, 0xcf, 0x0b, + 0x4e, 0xe3, 0x33, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x97, 0x2d, 0x38, 0xe7, 0x3b, 0x6d, 0x12, + 0x87, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf7, 0x9c, 0xc6, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, + 0x8b, 0x1e, 0x9d, 0xbb, 0xd6, 0x93, 0x34, 0xde, 0x83, 0x2d, 0xfa, 0xba, 0x05, 0xa7, 0x82, 0x28, + 0xdc, 0x70, 0x7c, 0xd2, 0x94, 0xd0, 0x78, 0x7c, 0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0x2d, + 0x65, 0xc9, 0x2e, 0x06, 0xbe, 0x9b, 0x04, 0xd1, 0x0a, 0x49, 0x12, 0xd7, 0x6f, 0xc5, 0xf5, 0xb3, + 0x77, 0x76, 0x27, 0x4e, 0x75, 0x61, 0xe1, 0xee, 0xfe, 0xa0, 0x9f, 0x84, 0xe1, 0x78, 0xc7, 0x6f, + 0xdc, 0x74, 0xfd, 0x66, 0x70, 0x3b, 0x1e, 0xaf, 0x16, 0xb1, 0x7c, 0x57, 0x14, 0x41, 0xb1, 0x00, + 0x35, 0x03, 0x6c, 0x72, 0xcb, 0xff, 0x70, 0x7a, 0x2a, 0xd5, 0x8a, 0xfe, 0x70, 0x7a, 0x32, 0xed, + 0xc1, 0x16, 0xfd, 0x9c, 0x05, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x91, 0xab, 0x64, 0x27, + 0x1e, 0x07, 0xd6, 0x91, 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xfd, 0xac, 0xe8, 0xe3, 0xa8, 0xd9, + 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xb1, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, + 0x2c, 0xd1, 0x8f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x61, 0x82, 0xf6, 0xcc, 0x9d, + 0xdd, 0x89, 0x93, 0x2b, 0x19, 0x18, 0xee, 0xc2, 0x46, 0xaf, 0xc1, 0x44, 0x48, 0xa2, 0xb6, 0x9b, + 0x2c, 0xf9, 0xde, 0x8e, 0x14, 0xdf, 0x8d, 0x20, 0x24, 0x4d, 0xd1, 0x9d, 0x78, 0x7c, 0xf4, 0xbc, + 0xf5, 0x54, 0xb5, 0xfe, 0x0e, 0xd1, 0xcd, 0x89, 0xe5, 0xbd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, + 0x53, 0x82, 0x93, 0x59, 0xc5, 0x89, 0xfe, 0xae, 0x05, 0x27, 0x6e, 0xdd, 0x4e, 0x56, 0x83, 0x4d, + 0xe2, 0xc7, 0xf5, 0x1d, 0x2a, 0xde, 0x98, 0xca, 0x18, 0xbe, 0xd0, 0x28, 0x56, 0x45, 0x4f, 0x5e, + 0x49, 0x73, 0xb9, 0xe8, 0x27, 0xd1, 0x4e, 0xfd, 0x61, 0xf1, 0x76, 0x27, 0xae, 0xdc, 0x5c, 0x35, + 0xa1, 0x38, 0xdb, 0xa9, 0x73, 0x9f, 0xb5, 0xe0, 0x4c, 0x1e, 0x09, 0x74, 0x12, 0xca, 0x9b, 0x64, + 0x87, 0x1b, 0x70, 0x98, 0xfe, 0x44, 0xaf, 0x40, 0x65, 0xcb, 0xf1, 0x3a, 0x44, 0x58, 0x37, 0x73, + 0x47, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, 0xbe, 0xb7, 0xf4, 0x82, 0x65, 0xff, 0x6e, 0x19, 0x86, + 0x0d, 0xfd, 0x76, 0x0f, 0x2c, 0xb6, 0x20, 0x65, 0xb1, 0x2d, 0x16, 0xa6, 0x9a, 0x7b, 0x9a, 0x6c, + 0xb7, 0x33, 0x26, 0xdb, 0x52, 0x71, 0x2c, 0xf7, 0xb4, 0xd9, 0x50, 0x02, 0xb5, 0x20, 0xa4, 0xd6, + 0x3b, 0x55, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x3e, 0x7a, 0x67, 0x77, 0xa2, 0xa6, + 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8c, 0x3e, 0xce, 0x04, 0x7e, 0xd3, 0x65, 0x9f, + 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0xa1, 0xdc, 0x21, 0xa8, 0x91, 0x5a, 0xdd, 0x09, 0x09, 0x66, 0x10, + 0x6a, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0xdd, 0x13, 0x2c, 0xf2, 0x66, 0x2c, 0xe1, 0x28, + 0x02, 0xe4, 0x39, 0x71, 0xb2, 0x1a, 0x39, 0x7e, 0xcc, 0xc8, 0xaf, 0xba, 0x6d, 0x22, 0x06, 0xf8, + 0x2f, 0xf5, 0x37, 0x63, 0xe8, 0x13, 0xf5, 0x87, 0xee, 0xec, 0x4e, 0xa0, 0x85, 0x2e, 0x4a, 0x38, + 0x87, 0xba, 0xfd, 0x65, 0x0b, 0x1e, 0xca, 0xb7, 0xc5, 0xd0, 0x93, 0x30, 0xc8, 0xb7, 0x87, 0xe2, + 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x14, 0xd4, 0x94, 0x9e, 0x10, 0xef, 0x78, 0x4a, + 0xa0, 0xd6, 0xb4, 0x72, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0x61, 0xb9, 0xa9, 0x41, 0x63, 0xfb, + 0x29, 0x06, 0xb1, 0xff, 0x93, 0x05, 0x27, 0x8c, 0x5e, 0xdd, 0x03, 0xd3, 0xdc, 0x4f, 0x9b, 0xe6, + 0xf3, 0x85, 0xcd, 0xe7, 0x1e, 0xb6, 0xf9, 0xe7, 0x2d, 0x38, 0x67, 0x60, 0x2d, 0x3a, 0x49, 0x63, + 0xe3, 0xe2, 0x76, 0x18, 0x91, 0x98, 0x6e, 0xbd, 0xd1, 0x63, 0x86, 0xdc, 0xaa, 0x0f, 0x0b, 0x0a, + 0xe5, 0xab, 0x64, 0x87, 0x0b, 0xb1, 0xa7, 0xa1, 0xca, 0x27, 0x67, 0x10, 0x89, 0x11, 0x57, 0xef, + 0xb6, 0x24, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0x55, 0x43, 0x40, + 0x3f, 0xe2, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, 0xcd, + 0x4b, 0x2e, 0xf1, 0x9a, 0x31, 0xdd, 0x36, 0x38, 0xbe, 0x1f, 0x24, 0x62, 0x07, 0x60, 0x6c, 0x1b, + 0xa6, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x23, 0x1e, 0x1f, 0x51, 0xc1, 0x74, 0x81, + 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x45, 0x2d, 0x7d, 0x72, 0x2f, 0x76, 0xb7, 0x51, + 0x4a, 0x56, 0x2e, 0x17, 0x27, 0xb8, 0x48, 0xef, 0x1d, 0xee, 0xeb, 0x19, 0x71, 0x89, 0x0b, 0xe5, + 0xba, 0xf7, 0x2e, 0xf7, 0xb7, 0x4a, 0x30, 0x91, 0x7e, 0xa0, 0x4b, 0xda, 0xd2, 0x2d, 0x95, 0xc1, + 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x60, 0x95, 0x8e, 0x53, 0x60, 0x99, 0xf2, + 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x52, 0x8d, 0xfa, 0x40, 0x46, 0x80, 0xa5, 0x75, 0xca, 0x79, 0x18, + 0x88, 0x13, 0x12, 0x8e, 0x57, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, 0xfb, 0xbf, 0x97, + 0xe0, 0xe1, 0xf4, 0x18, 0x6a, 0x15, 0xf0, 0xfe, 0x94, 0x0a, 0x78, 0x97, 0xa9, 0x02, 0xee, 0xee, + 0x4e, 0xbc, 0xbd, 0xc7, 0x63, 0xdf, 0x33, 0x1a, 0x02, 0xcd, 0x65, 0x46, 0x71, 0x2a, 0x3d, 0x8a, + 0x77, 0x77, 0x27, 0x1e, 0xeb, 0xf1, 0x8e, 0x99, 0x61, 0x7e, 0x12, 0x06, 0x23, 0xe2, 0xc4, 0x81, + 0x2f, 0x06, 0x5a, 0x7d, 0x0e, 0xcc, 0x5a, 0xb1, 0x80, 0xda, 0xbf, 0x5f, 0xcb, 0x0e, 0xf6, 0x1c, + 0x77, 0xd8, 0x05, 0x11, 0x72, 0x61, 0x80, 0x99, 0xf5, 0x5c, 0x34, 0x5c, 0x3d, 0xda, 0x32, 0xa2, + 0x6a, 0x40, 0x91, 0xae, 0x57, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0xdb, 0x50, 0x6d, 0x48, + 0x6b, 0xbb, 0x54, 0x84, 0x5f, 0x4a, 0xd8, 0xda, 0x9a, 0xe3, 0x08, 0x95, 0xd7, 0xca, 0x44, 0x57, + 0xdc, 0x10, 0x81, 0x72, 0xcb, 0x4d, 0xc4, 0x67, 0x3d, 0xe2, 0x7e, 0x6a, 0xce, 0x35, 0x5e, 0x71, + 0x88, 0x2a, 0x91, 0x39, 0x37, 0xc1, 0x94, 0x3e, 0xfa, 0x19, 0x0b, 0x86, 0xe3, 0x46, 0x7b, 0x39, + 0x0a, 0xb6, 0xdc, 0x26, 0x89, 0x84, 0x35, 0x75, 0x44, 0xd1, 0xb4, 0x32, 0xb3, 0x28, 0x09, 0x6a, + 0xbe, 0x7c, 0x7f, 0xab, 0x21, 0xd8, 0xe4, 0x4b, 0x77, 0x19, 0x0f, 0x8b, 0x77, 0x9f, 0x25, 0x0d, + 0x97, 0xea, 0x3f, 0xb9, 0xa9, 0x62, 0x33, 0xe5, 0xc8, 0xd6, 0xe5, 0x6c, 0xa7, 0xb1, 0x49, 0xd7, + 0x9b, 0xee, 0xd0, 0xdb, 0xef, 0xec, 0x4e, 0x3c, 0x3c, 0x93, 0xcf, 0x13, 0xf7, 0xea, 0x0c, 0x1b, + 0xb0, 0xb0, 0xe3, 0x79, 0x98, 0xbc, 0xd6, 0x21, 0xcc, 0x65, 0x52, 0xc0, 0x80, 0x2d, 0x6b, 0x82, + 0x99, 0x01, 0x33, 0x20, 0xd8, 0xe4, 0x8b, 0x5e, 0x83, 0xc1, 0xb6, 0x93, 0x44, 0xee, 0xb6, 0xf0, + 0x93, 0x1c, 0xd1, 0xde, 0x5f, 0x64, 0xb4, 0x34, 0x73, 0xa6, 0xa9, 0x79, 0x23, 0x16, 0x8c, 0x50, + 0x1b, 0x2a, 0x6d, 0x12, 0xb5, 0xc8, 0x78, 0xb5, 0x08, 0x9f, 0xf0, 0x22, 0x25, 0xa5, 0x19, 0xd6, + 0xa8, 0x75, 0xc4, 0xda, 0x30, 0xe7, 0x82, 0x5e, 0x81, 0x6a, 0x4c, 0x3c, 0xd2, 0xa0, 0xf6, 0x4d, + 0x8d, 0x71, 0x7c, 0x77, 0x9f, 0xb6, 0x1e, 0x35, 0x2c, 0x56, 0xc4, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, + 0x58, 0x91, 0xa4, 0x03, 0x18, 0x7a, 0x9d, 0x96, 0xeb, 0x8f, 0x43, 0x11, 0x03, 0xb8, 0xcc, 0x68, + 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x2f, 0x16, 0xa0, 0xb4, 0x50, 0xbb, 0x07, 0x46, + 0xed, 0x6b, 0x69, 0xa3, 0x76, 0xa1, 0x48, 0xab, 0xa3, 0x87, 0x5d, 0xfb, 0x1b, 0x35, 0xc8, 0xa8, + 0x83, 0x6b, 0x24, 0x4e, 0x48, 0xf3, 0x2d, 0x11, 0xfe, 0x96, 0x08, 0x7f, 0x4b, 0x84, 0x2b, 0x11, + 0xbe, 0x96, 0x11, 0xe1, 0xef, 0x33, 0x56, 0xbd, 0x3e, 0x80, 0x7d, 0x55, 0x9d, 0xd0, 0x9a, 0x3d, + 0x30, 0x10, 0xa8, 0x24, 0xb8, 0xb2, 0xb2, 0x74, 0x2d, 0x57, 0x66, 0xbf, 0x9a, 0x96, 0xd9, 0x47, + 0x65, 0xf1, 0x17, 0x41, 0x4a, 0xff, 0x6b, 0x0b, 0xde, 0x91, 0x96, 0x5e, 0x72, 0xe6, 0xcc, 0xb7, + 0xfc, 0x20, 0x22, 0xb3, 0xee, 0xfa, 0x3a, 0x89, 0x88, 0xdf, 0x20, 0xb1, 0xf2, 0x62, 0x58, 0xbd, + 0xbc, 0x18, 0xe8, 0x39, 0x18, 0xb9, 0x15, 0x07, 0xfe, 0x72, 0xe0, 0xfa, 0x42, 0x04, 0xd1, 0x8d, + 0xf0, 0xc9, 0x3b, 0xbb, 0x13, 0x23, 0x74, 0x44, 0x65, 0x3b, 0x4e, 0x61, 0xa1, 0x19, 0x38, 0x75, + 0xeb, 0xb5, 0x65, 0x27, 0x31, 0xdc, 0x01, 0x72, 0xe3, 0xce, 0x0e, 0x2c, 0xae, 0xbc, 0x94, 0x01, + 0xe2, 0x6e, 0x7c, 0xfb, 0x6f, 0x95, 0xe0, 0x91, 0xcc, 0x8b, 0x04, 0x9e, 0x17, 0x74, 0x12, 0xba, + 0xa9, 0x41, 0x5f, 0xb5, 0xe0, 0x64, 0x3b, 0xed, 0x71, 0x88, 0x85, 0x63, 0xf7, 0x03, 0x85, 0xe9, + 0x88, 0x8c, 0x4b, 0xa3, 0x3e, 0x2e, 0x46, 0xe8, 0x64, 0x06, 0x10, 0xe3, 0xae, 0xbe, 0xa0, 0x57, + 0xa0, 0xd6, 0x76, 0xb6, 0xaf, 0x87, 0x4d, 0x27, 0x91, 0xfb, 0xc9, 0xde, 0x6e, 0x80, 0x4e, 0xe2, + 0x7a, 0x93, 0xfc, 0x68, 0x7f, 0x72, 0xde, 0x4f, 0x96, 0xa2, 0x95, 0x24, 0x72, 0xfd, 0x16, 0x77, + 0xe7, 0x2d, 0x4a, 0x32, 0x58, 0x53, 0xb4, 0xbf, 0x62, 0x65, 0x95, 0x94, 0x1a, 0x9d, 0xc8, 0x49, + 0x48, 0x6b, 0x07, 0x7d, 0x14, 0x2a, 0x74, 0xe3, 0x27, 0x47, 0xe5, 0x66, 0x91, 0x9a, 0xd3, 0xf8, + 0x12, 0x5a, 0x89, 0xd2, 0x7f, 0x31, 0xe6, 0x4c, 0xed, 0xaf, 0xd6, 0xb2, 0xc6, 0x02, 0x3b, 0xbc, + 0xbd, 0x00, 0xd0, 0x0a, 0x56, 0x49, 0x3b, 0xf4, 0xe8, 0xb0, 0x58, 0xec, 0x04, 0x40, 0xf9, 0x3a, + 0xe6, 0x14, 0x04, 0x1b, 0x58, 0xe8, 0xaf, 0x58, 0x00, 0x2d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, + 0xc8, 0xd7, 0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xd3, 0x16, 0x54, 0x13, + 0xd9, 0x7d, 0xae, 0x1a, 0x57, 0x8b, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, + 0xd1, 0xcf, 0x5a, 0x00, 0xf1, 0x8e, 0xdf, 0x58, 0x0e, 0x3c, 0xb7, 0xb1, 0x23, 0x34, 0xe6, 0x8d, + 0x42, 0xfd, 0x31, 0x8a, 0x7a, 0x7d, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xe3, 0x50, + 0x8d, 0xc5, 0x74, 0x13, 0x3a, 0x72, 0xb5, 0x58, 0xaf, 0x10, 0xa7, 0x2d, 0xc4, 0xab, 0xf8, 0x87, + 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x9c, 0x08, 0xd3, 0x7e, 0x3e, 0xa1, 0x0e, 0x8b, 0x93, 0x01, 0x19, + 0x3f, 0x62, 0xfd, 0xf4, 0x9d, 0xdd, 0x89, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, + 0x06, 0x2f, 0x85, 0xdc, 0xe7, 0x38, 0xa4, 0x25, 0xe0, 0x5c, 0x16, 0x88, 0xbb, 0xf1, 0xd1, 0x32, + 0x9c, 0xa1, 0xbd, 0xdb, 0xe1, 0xe6, 0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xfa, 0xa3, 0x62, + 0x86, 0x30, 0xaf, 0x7e, 0x16, 0x07, 0xe7, 0x3e, 0x89, 0x7e, 0xd7, 0x82, 0x47, 0x5d, 0xa6, 0x06, + 0x4c, 0x87, 0xb9, 0xd6, 0x08, 0xe2, 0x24, 0x96, 0x14, 0x2a, 0x2b, 0x7a, 0xa9, 0x9f, 0xfa, 0x0f, + 0x8a, 0x37, 0x78, 0x74, 0x7e, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x04, 0x46, 0xe5, 0xba, + 0x58, 0xa6, 0x22, 0x98, 0x29, 0xda, 0x5a, 0xfd, 0xd4, 0x9d, 0xdd, 0x89, 0xd1, 0x55, 0x13, 0x80, + 0xd3, 0x78, 0xf6, 0xb7, 0x4a, 0xa9, 0xf3, 0x10, 0xe5, 0x84, 0x64, 0xe2, 0xa6, 0x21, 0xfd, 0x3f, + 0x52, 0x7a, 0x16, 0x2a, 0x6e, 0x94, 0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x63, 0x83, 0x39, 0x35, + 0x4a, 0x4f, 0x39, 0x59, 0x57, 0xa7, 0x90, 0x80, 0xaf, 0x14, 0xd9, 0xa5, 0xee, 0xd3, 0xab, 0x47, + 0x44, 0xd7, 0x4e, 0x75, 0x81, 0x70, 0x77, 0x97, 0xec, 0x6f, 0xa5, 0xcf, 0x60, 0x8c, 0xc5, 0xdb, + 0xc7, 0xf9, 0xd2, 0x17, 0x2c, 0x18, 0x8e, 0x02, 0xcf, 0x73, 0xfd, 0x16, 0x15, 0x34, 0x42, 0x5b, + 0x7e, 0xe8, 0x58, 0x14, 0x96, 0x90, 0x28, 0xcc, 0xb4, 0xc5, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0xff, + 0x89, 0x05, 0xe3, 0xbd, 0x04, 0x22, 0x22, 0xf0, 0x76, 0xb9, 0xda, 0x55, 0x74, 0xc5, 0x92, 0x3f, + 0x4b, 0x3c, 0xa2, 0x1c, 0xcf, 0xd5, 0xfa, 0x13, 0xe2, 0x35, 0xdf, 0xbe, 0xdc, 0x1b, 0x15, 0xef, + 0x45, 0x07, 0xbd, 0x0c, 0x27, 0x8d, 0xf7, 0x8a, 0xd5, 0xc0, 0xd4, 0xea, 0x93, 0xd4, 0x02, 0x99, + 0xce, 0xc0, 0xee, 0xee, 0x4e, 0x3c, 0x94, 0x6d, 0x13, 0x12, 0xbb, 0x8b, 0x8e, 0xfd, 0x2b, 0xa5, + 0xec, 0xd7, 0x52, 0xca, 0xf6, 0x4d, 0xab, 0x6b, 0x3b, 0xff, 0x81, 0xe3, 0x50, 0x70, 0x6c, 0xe3, + 0xaf, 0x02, 0x38, 0x7a, 0xe3, 0xdc, 0xc7, 0x13, 0x62, 0xfb, 0xdf, 0x0e, 0xc0, 0x1e, 0x3d, 0xeb, + 0xc3, 0x7a, 0x3e, 0xf0, 0xb1, 0xe2, 0xe7, 0x2c, 0x75, 0xe4, 0x54, 0x66, 0x8b, 0xbc, 0x79, 0x5c, + 0x63, 0xcf, 0x37, 0x30, 0x31, 0x8f, 0x52, 0x50, 0x6e, 0xec, 0xf4, 0xe1, 0x16, 0xfa, 0x9a, 0x95, + 0x3e, 0x34, 0xe3, 0x61, 0x67, 0xee, 0xb1, 0xf5, 0xc9, 0x38, 0x89, 0xe3, 0x1d, 0xd3, 0xe7, 0x37, + 0xbd, 0xce, 0xe8, 0x26, 0x01, 0xd6, 0x5d, 0xdf, 0xf1, 0xdc, 0xd7, 0xe9, 0xf6, 0xa4, 0xc2, 0x34, + 0x2c, 0x33, 0x59, 0x2e, 0xa9, 0x56, 0x6c, 0x60, 0x9c, 0xfb, 0xcb, 0x30, 0x6c, 0xbc, 0x79, 0x4e, + 0x70, 0xc5, 0x19, 0x33, 0xb8, 0xa2, 0x66, 0xc4, 0x44, 0x9c, 0x7b, 0x1f, 0x9c, 0xcc, 0x76, 0xf0, + 0x20, 0xcf, 0xdb, 0xff, 0x7b, 0x28, 0x7b, 0x8a, 0xb5, 0x4a, 0xa2, 0x36, 0xed, 0xda, 0x5b, 0x9e, + 0xa5, 0xb7, 0x3c, 0x4b, 0x6f, 0x79, 0x96, 0xcc, 0xc3, 0x01, 0xe1, 0x35, 0x19, 0xba, 0x47, 0x5e, + 0x93, 0x94, 0x1f, 0xa8, 0x5a, 0xb8, 0x1f, 0xc8, 0xbe, 0x53, 0x81, 0x94, 0x1d, 0xc5, 0xc7, 0xfb, + 0x9d, 0x30, 0x14, 0x91, 0x30, 0xb8, 0x8e, 0x17, 0x84, 0x0e, 0xd1, 0xb1, 0xf6, 0xbc, 0x19, 0x4b, + 0x38, 0xd5, 0x35, 0xa1, 0x93, 0x6c, 0x08, 0x25, 0xa2, 0x74, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, + 0x41, 0xef, 0x83, 0xb1, 0xc4, 0x89, 0x5a, 0xd4, 0xde, 0xde, 0x62, 0x9f, 0x55, 0x9c, 0x75, 0x3e, + 0x24, 0x70, 0xc7, 0x56, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0xaf, 0xc1, 0xc0, 0x06, 0xf1, 0xda, 0x62, + 0xc8, 0x57, 0x8a, 0x93, 0xf1, 0xec, 0x5d, 0x2f, 0x13, 0xaf, 0xcd, 0x25, 0x10, 0xfd, 0x85, 0x19, + 0x2b, 0x3a, 0xdf, 0x6a, 0x9b, 0x9d, 0x38, 0x09, 0xda, 0xee, 0xeb, 0xd2, 0xc5, 0xf7, 0x81, 0x82, + 0x19, 0x5f, 0x95, 0xf4, 0xb9, 0x2f, 0x45, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xd3, 0x8d, 0xd8, + 0xa7, 0xda, 0x11, 0x9e, 0xba, 0xa2, 0xfb, 0x31, 0x2b, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, + 0x46, 0x3b, 0x6a, 0xde, 0x0f, 0xb3, 0x3e, 0x5c, 0x2f, 0xb8, 0x0f, 0x7c, 0xce, 0xe7, 0xce, 0xff, + 0x27, 0xa0, 0xd2, 0xd8, 0x70, 0xa2, 0x64, 0x7c, 0x84, 0x4d, 0x1a, 0xe5, 0xd3, 0x99, 0xa1, 0x8d, + 0x98, 0xc3, 0xd0, 0x63, 0x50, 0x8e, 0xc8, 0x3a, 0x8b, 0xdb, 0x34, 0x22, 0x7a, 0x30, 0x59, 0xc7, + 0xb4, 0xdd, 0xfe, 0xa5, 0x52, 0xda, 0x5c, 0x4a, 0xbf, 0x37, 0x9f, 0xed, 0x8d, 0x4e, 0x14, 0x4b, + 0xbf, 0x8f, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x49, 0x0b, 0x86, 0x6e, 0xc5, 0x81, 0xef, + 0x93, 0x44, 0xa8, 0xa6, 0x1b, 0x05, 0x0f, 0xc5, 0x15, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, + 0x97, 0x76, 0x97, 0x6c, 0x37, 0xbc, 0x4e, 0xb3, 0x2b, 0x48, 0xe3, 0x22, 0x6f, 0xc6, 0x12, 0x4e, + 0x51, 0x5d, 0x9f, 0xa3, 0x0e, 0xa4, 0x51, 0xe7, 0x7d, 0x81, 0x2a, 0xe0, 0xf6, 0xdf, 0x18, 0x84, + 0xb3, 0xb9, 0x8b, 0x83, 0x1a, 0x32, 0xcc, 0x54, 0xb8, 0xe4, 0x7a, 0x44, 0x86, 0x27, 0x31, 0x43, + 0xe6, 0x86, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0xd0, 0x89, 0x9c, 0x36, 0x51, 0x7e, 0xd9, + 0x23, 0xdb, 0x0b, 0xb4, 0x1f, 0xcb, 0x92, 0xa6, 0xde, 0x9b, 0xaa, 0xa6, 0x18, 0x1b, 0x2c, 0xd1, + 0xf3, 0x30, 0x1c, 0x11, 0x8f, 0x38, 0x31, 0x0b, 0xfb, 0xcd, 0xe6, 0x30, 0x60, 0x0d, 0xc2, 0x26, + 0x1e, 0x7a, 0x52, 0x45, 0x72, 0x65, 0x22, 0x5a, 0xd2, 0xd1, 0x5c, 0xe8, 0x0d, 0x0b, 0xc6, 0xd6, + 0x5d, 0x8f, 0x68, 0xee, 0x22, 0xe3, 0x60, 0xe9, 0xe8, 0x2f, 0x79, 0xc9, 0xa4, 0xab, 0x25, 0x64, + 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, + 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x11, 0x3a, 0x71, 0x3c, 0x13, 0x91, 0x26, 0xf1, 0x13, + 0xd7, 0xf1, 0x78, 0x3e, 0x40, 0x55, 0xc7, 0x03, 0x2f, 0xa7, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08, + 0x0f, 0x73, 0xc7, 0xc7, 0xa2, 0x1b, 0xc7, 0xae, 0xdf, 0xd2, 0xd3, 0x40, 0xf8, 0x7f, 0x26, 0x04, + 0xa9, 0x87, 0xe7, 0xf3, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xd3, 0x50, 0x8d, 0x37, 0xdd, 0x70, 0x26, + 0x6a, 0xc6, 0xec, 0xd0, 0xa3, 0xaa, 0xbd, 0x8d, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xd4, 0x80, 0x11, + 0xfe, 0x49, 0x78, 0x28, 0x9a, 0x90, 0x8f, 0xcf, 0xf4, 0x54, 0x8f, 0x22, 0xbd, 0x6d, 0x12, 0x3b, + 0xb7, 0x2f, 0xca, 0x23, 0x18, 0x7e, 0x62, 0x70, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xed, 0x5f, 0x28, + 0xa5, 0x77, 0xdc, 0xe6, 0x22, 0x45, 0x31, 0x5d, 0x8a, 0xc9, 0x0d, 0x27, 0x92, 0xde, 0x98, 0x23, + 0xa6, 0x2d, 0x08, 0xba, 0x37, 0x9c, 0xc8, 0x5c, 0xd4, 0x8c, 0x01, 0x96, 0x9c, 0xd0, 0x2d, 0x18, + 0x48, 0x3c, 0xa7, 0xa0, 0x3c, 0x27, 0x83, 0xa3, 0x76, 0x80, 0x2c, 0x4c, 0xc7, 0x98, 0xf1, 0x40, + 0x8f, 0x52, 0xab, 0x7f, 0x4d, 0x1e, 0x91, 0x08, 0x43, 0x7d, 0x2d, 0xc6, 0xac, 0xd5, 0xbe, 0x0b, + 0x39, 0x72, 0x55, 0x29, 0x32, 0x74, 0x01, 0x80, 0x6e, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6e, 0x0b, + 0x43, 0x42, 0xad, 0xdd, 0x6b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x67, 0x9d, 0x3e, 0x53, + 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x83, 0x41, 0xb7, 0xed, 0xb4, 0x54, 0x08, 0xe6, + 0xa3, 0x74, 0xd1, 0xce, 0xb3, 0x96, 0xbb, 0xbb, 0x13, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, + 0xf4, 0x2b, 0x16, 0x8c, 0x34, 0x82, 0x76, 0x3b, 0xf0, 0xf9, 0xb6, 0x4b, 0xec, 0x21, 0x6f, 0x1d, + 0x97, 0x9a, 0x9f, 0x9c, 0x31, 0x98, 0xf1, 0x4d, 0xa4, 0x4a, 0xc8, 0x32, 0x41, 0x38, 0xd5, 0x2b, + 0x73, 0x6d, 0x57, 0xf6, 0x59, 0xdb, 0xbf, 0x6e, 0xc1, 0x29, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0xb9, + 0x47, 0xc1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, 0xe9, 0xba, 0xe0, 0xb8, 0xbb, 0x93, 0x68, + 0x0e, 0x4e, 0xad, 0x07, 0x51, 0x83, 0x98, 0x03, 0x21, 0x04, 0x93, 0x22, 0x74, 0x29, 0x8b, 0x80, + 0xbb, 0x9f, 0x41, 0x37, 0xe0, 0x21, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0x9b, 0x1e, 0x17, 0xd4, 0x1e, + 0xba, 0x94, 0x8b, 0x85, 0x7b, 0x3c, 0x9d, 0x76, 0x98, 0xd4, 0xfa, 0x70, 0x98, 0xbc, 0x0a, 0x8f, + 0x34, 0xba, 0x47, 0x66, 0x2b, 0xee, 0xac, 0xc5, 0x5c, 0x52, 0x55, 0xeb, 0x3f, 0x20, 0x08, 0x3c, + 0x32, 0xd3, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x0a, 0xd5, 0x88, 0xb0, 0xaf, 0x12, 0x8b, 0x44, + 0x9c, 0x23, 0xee, 0x92, 0xb5, 0x05, 0xca, 0xc9, 0x6a, 0xd9, 0x2b, 0x1a, 0x62, 0xac, 0x38, 0xa2, + 0xdb, 0x30, 0x14, 0x3a, 0x49, 0x63, 0x43, 0xa4, 0xdf, 0x1c, 0x39, 0xfe, 0x45, 0x31, 0x67, 0x3e, + 0x70, 0x23, 0x61, 0x97, 0x33, 0xc1, 0x92, 0x1b, 0xb5, 0x46, 0x1a, 0x41, 0x3b, 0x0c, 0x7c, 0xe2, + 0x27, 0xf1, 0xf8, 0xa8, 0xb6, 0x46, 0x66, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0x32, 0x9c, 0x61, 0x3e, + 0xa3, 0x9b, 0x6e, 0xb2, 0x11, 0x74, 0x12, 0xb9, 0x05, 0x1a, 0x1f, 0x4b, 0x1f, 0x55, 0x2c, 0xe4, + 0xe0, 0xe0, 0xdc, 0x27, 0xcf, 0xbd, 0x1f, 0x4e, 0x75, 0x2d, 0xe5, 0x03, 0xb9, 0x6b, 0x66, 0xe1, + 0xa1, 0xfc, 0x45, 0x73, 0x20, 0xa7, 0xcd, 0x3f, 0xc9, 0x84, 0xcd, 0x1a, 0x86, 0x74, 0x1f, 0x0e, + 0x40, 0x07, 0xca, 0xc4, 0xdf, 0x12, 0x3a, 0xe4, 0xd2, 0xd1, 0xbe, 0xdd, 0x45, 0x7f, 0x8b, 0xaf, + 0x79, 0xe6, 0xe5, 0xb8, 0xe8, 0x6f, 0x61, 0x4a, 0x1b, 0x7d, 0xc9, 0x4a, 0x19, 0x82, 0xdc, 0x6d, + 0xf8, 0xe1, 0x63, 0xd9, 0x39, 0xf4, 0x6d, 0x1b, 0xda, 0xff, 0xae, 0x04, 0xe7, 0xf7, 0x23, 0xd2, + 0xc7, 0xf0, 0x3d, 0x01, 0x83, 0x31, 0x3b, 0x08, 0x17, 0x42, 0x79, 0x98, 0xce, 0x55, 0x7e, 0x34, + 0xfe, 0x2a, 0x16, 0x20, 0xe4, 0x41, 0xb9, 0xed, 0x84, 0xc2, 0x9b, 0x34, 0x7f, 0xd4, 0x44, 0x1a, + 0xfa, 0xdf, 0xf1, 0x16, 0x9d, 0x90, 0xfb, 0x28, 0x8c, 0x06, 0x4c, 0xd9, 0xa0, 0x04, 0x2a, 0x4e, + 0x14, 0x39, 0xf2, 0xd4, 0xf5, 0x6a, 0x31, 0xfc, 0xa6, 0x29, 0x49, 0x7e, 0x68, 0x95, 0x6a, 0xc2, + 0x9c, 0x99, 0xfd, 0xb9, 0xa1, 0x54, 0x32, 0x09, 0x3b, 0x4a, 0x8f, 0x61, 0x50, 0x38, 0x91, 0xac, + 0xa2, 0xf3, 0x97, 0x78, 0x36, 0x20, 0xdb, 0x27, 0x8a, 0x9c, 0x6a, 0xc1, 0x0a, 0x7d, 0xd6, 0x62, + 0x99, 0xcb, 0x32, 0xc1, 0x46, 0xec, 0xce, 0x8e, 0x27, 0x91, 0xda, 0xcc, 0x87, 0x96, 0x8d, 0xd8, + 0xe4, 0x2e, 0x2a, 0x10, 0x30, 0xab, 0xb4, 0xbb, 0x02, 0x01, 0xb3, 0x32, 0x25, 0x1c, 0x6d, 0xe7, + 0x1c, 0x99, 0x17, 0x90, 0xfd, 0xda, 0xc7, 0x21, 0xf9, 0xd7, 0x2c, 0x38, 0xe5, 0x66, 0xcf, 0x3e, + 0xc5, 0x5e, 0xe6, 0x88, 0x41, 0x19, 0xbd, 0x8f, 0x56, 0x95, 0x3a, 0xef, 0x02, 0xe1, 0xee, 0xce, + 0xa0, 0x26, 0x0c, 0xb8, 0xfe, 0x7a, 0x20, 0x8c, 0x98, 0xfa, 0xd1, 0x3a, 0x35, 0xef, 0xaf, 0x07, + 0x7a, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x26, 0x12, 0xde, 0xa6, 0xcb, 0x6e, 0x9c, + 0x04, 0xd1, 0xce, 0x82, 0xdb, 0x76, 0x13, 0x66, 0x80, 0x94, 0xeb, 0xe3, 0x54, 0x3f, 0xe0, 0x1c, + 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x0e, 0x43, 0x32, 0xd5, 0xba, 0x5a, 0xc4, 0xbe, 0xb0, 0x7b, 0xfe, + 0xab, 0xc9, 0xb4, 0x22, 0xb2, 0xaa, 0x25, 0x43, 0xfb, 0x8d, 0x61, 0xe8, 0x3e, 0x16, 0x45, 0x1f, + 0x83, 0x5a, 0xa4, 0xd2, 0xbf, 0xad, 0x22, 0xd4, 0xb5, 0xfc, 0xbe, 0xe2, 0x48, 0x56, 0x99, 0x42, + 0x3a, 0xd1, 0x5b, 0x73, 0xa4, 0x1b, 0x96, 0x58, 0x9f, 0x9e, 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, + 0x32, 0xb6, 0xe3, 0x37, 0x30, 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x97, 0x6c, 0x14, 0xe3, + 0xc4, 0xbf, 0xcc, 0x68, 0x65, 0x93, 0x80, 0x78, 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, + 0x09, 0x20, 0xf6, 0x10, 0x8b, 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, + 0x8e, 0xc5, 0xdb, 0x18, 0x11, 0x01, 0x7c, 0xe9, 0x16, 0x97, 0xff, 0xd4, 0x7f, 0x38, 0xc0, 0x47, + 0x60, 0x24, 0x22, 0x8d, 0xc0, 0x6f, 0xb8, 0x1e, 0x69, 0x4e, 0x4b, 0x07, 0xfd, 0x41, 0xb2, 0x66, + 0xd8, 0x3e, 0x1c, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0xfa, 0x8c, 0x05, 0x63, 0x2a, 0x67, 0x94, 0x7e, + 0x10, 0x22, 0x1c, 0xc2, 0x0b, 0x05, 0x65, 0xa8, 0x32, 0x9a, 0x75, 0x74, 0x67, 0x77, 0x62, 0x2c, + 0xdd, 0x86, 0x33, 0x7c, 0xd1, 0xcb, 0x00, 0xc1, 0x1a, 0x0f, 0xaa, 0x99, 0x4e, 0x84, 0x77, 0xf8, + 0x20, 0xaf, 0x3a, 0xc6, 0xd3, 0xe7, 0x24, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xb2, 0x59, + 0xdd, 0x09, 0xe5, 0x46, 0x43, 0xa6, 0x3d, 0xc1, 0x8a, 0x82, 0xdc, 0xdd, 0x9d, 0xe8, 0xf6, 0xd6, + 0xb1, 0xc0, 0x05, 0xe3, 0x71, 0xf4, 0x93, 0x30, 0x14, 0x77, 0xda, 0x6d, 0x47, 0xf9, 0x8e, 0x0b, + 0x4c, 0xc8, 0xe3, 0x74, 0x0d, 0x51, 0xc4, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0xa1, 0x1a, 0x0b, + 0x37, 0x22, 0x5b, 0x45, 0xdc, 0x26, 0x18, 0x66, 0xef, 0xf4, 0x1e, 0x69, 0x78, 0xe3, 0x1c, 0x9c, + 0xbb, 0xbb, 0x13, 0x0f, 0xa5, 0xdb, 0x17, 0x02, 0x91, 0x22, 0x97, 0x4b, 0x13, 0x5d, 0x91, 0x95, + 0x57, 0xe8, 0x6b, 0xcb, 0x82, 0x00, 0x4f, 0xe9, 0xca, 0x2b, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, + 0xa3, 0x45, 0x38, 0xdd, 0x08, 0xfc, 0x24, 0x0a, 0x3c, 0x8f, 0x57, 0x1e, 0xe2, 0x7b, 0x3e, 0xee, + 0x5b, 0x7e, 0xbb, 0xe8, 0xf6, 0xe9, 0x99, 0x6e, 0x14, 0x9c, 0xf7, 0x9c, 0xed, 0xa7, 0xa3, 0x0d, + 0xc5, 0xe0, 0x3c, 0x07, 0x23, 0x64, 0x3b, 0x21, 0x91, 0xef, 0x78, 0xd7, 0xf1, 0x82, 0xf4, 0xaa, + 0xb2, 0x35, 0x70, 0xd1, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x47, 0x87, 0x91, 0xf6, 0xc9, 0x1d, + 0x1d, 0xd2, 0xad, 0x61, 0xff, 0x9f, 0x52, 0xca, 0x20, 0x5b, 0x8d, 0x08, 0x41, 0x01, 0x54, 0xfc, + 0xa0, 0xa9, 0x64, 0xff, 0x95, 0x62, 0x64, 0xff, 0xb5, 0xa0, 0x69, 0x94, 0x67, 0xa1, 0xff, 0x62, + 0xcc, 0xf9, 0xb0, 0xfa, 0x15, 0xb2, 0xd0, 0x07, 0x03, 0x88, 0x8d, 0x46, 0x91, 0x9c, 0x55, 0xfd, + 0x8a, 0x25, 0x93, 0x11, 0x4e, 0xf3, 0x45, 0x9b, 0x50, 0xd9, 0x08, 0xe2, 0x44, 0x6e, 0x3f, 0x8e, + 0xb8, 0xd3, 0xb9, 0x1c, 0xc4, 0x09, 0xb3, 0x22, 0xd4, 0x6b, 0xd3, 0x96, 0x18, 0x73, 0x1e, 0xf6, + 0x7f, 0xb5, 0x52, 0x3e, 0xf4, 0x9b, 0x2c, 0xf2, 0x76, 0x8b, 0xf8, 0x74, 0x59, 0x9b, 0xa1, 0x46, + 0x3f, 0x92, 0xc9, 0x63, 0x7c, 0x47, 0xaf, 0xc2, 0x5a, 0xb7, 0x29, 0x85, 0x49, 0x46, 0xc2, 0x88, + 0x4a, 0xfa, 0x84, 0x95, 0xce, 0x28, 0x2d, 0x15, 0xb1, 0xc1, 0x30, 0xb3, 0xaa, 0xf7, 0x4d, 0x4e, + 0xb5, 0xbf, 0x64, 0xc1, 0x50, 0xdd, 0x69, 0x6c, 0x06, 0xeb, 0xeb, 0xe8, 0x69, 0xa8, 0x36, 0x3b, + 0x91, 0x99, 0xdc, 0xaa, 0x1c, 0x07, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0x87, 0xd7, 0x9d, 0x86, + 0xcc, 0xad, 0x2e, 0xf3, 0x39, 0x7c, 0x89, 0xb5, 0x60, 0x01, 0x41, 0xcf, 0xc3, 0x70, 0xdb, 0xd9, + 0x96, 0x0f, 0x67, 0x1d, 0xf8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x5e, 0x77, + 0x62, 0xb7, 0x31, 0xdd, 0x49, 0x36, 0xea, 0x6e, 0xb2, 0xd6, 0x69, 0x6c, 0x92, 0x84, 0x27, 0xd4, + 0xd3, 0x5e, 0x76, 0x62, 0xba, 0x94, 0xd4, 0xbe, 0x4e, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, + 0xbd, 0x0e, 0xc3, 0xa1, 0x13, 0xc7, 0xb7, 0x83, 0xa8, 0x89, 0xc9, 0x7a, 0x31, 0xe5, 0x2c, 0x56, + 0x48, 0x23, 0x22, 0x09, 0x26, 0xeb, 0xe2, 0x90, 0x59, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x0b, 0x16, + 0x3c, 0x52, 0x27, 0x4e, 0x44, 0x22, 0x56, 0xfd, 0x42, 0xbd, 0xc8, 0x8c, 0x17, 0x74, 0x9a, 0xe8, + 0x35, 0xa8, 0x26, 0xb4, 0x99, 0x76, 0xcb, 0x2a, 0xb6, 0x5b, 0xec, 0x8c, 0x78, 0x55, 0x10, 0xc7, + 0x8a, 0x8d, 0xfd, 0x37, 0x2d, 0x18, 0x61, 0xc7, 0x6d, 0xb3, 0x24, 0x71, 0x5c, 0xaf, 0xab, 0x48, + 0x94, 0xd5, 0x67, 0x91, 0xa8, 0xf3, 0x30, 0xb0, 0x11, 0xb4, 0x49, 0xf6, 0xa8, 0xf8, 0x72, 0x40, + 0xb7, 0xd5, 0x14, 0x82, 0x9e, 0xa5, 0x1f, 0xde, 0xf5, 0x13, 0x87, 0x2e, 0x01, 0xe9, 0xce, 0x3d, + 0xc1, 0x3f, 0xba, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x5b, 0x35, 0x18, 0x12, 0xf1, 0x04, 0x7d, 0x17, + 0x55, 0x90, 0xfb, 0xfb, 0x52, 0xcf, 0xfd, 0x7d, 0x0c, 0x83, 0x0d, 0x56, 0xad, 0x4e, 0x98, 0x91, + 0x57, 0x0b, 0x09, 0x40, 0xe1, 0x05, 0xf0, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, 0x2f, 0x5a, + 0x70, 0xa2, 0x11, 0xf8, 0x3e, 0x69, 0x68, 0x1b, 0x67, 0xa0, 0x88, 0x38, 0x83, 0x99, 0x34, 0x51, + 0x7d, 0xd6, 0x93, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x22, 0x8c, 0xf2, 0x31, 0xbb, 0x91, 0xf2, 0x41, + 0xeb, 0xda, 0x41, 0x26, 0x10, 0xa7, 0x71, 0xd1, 0x24, 0xf7, 0xe5, 0x8b, 0x2a, 0x3d, 0x83, 0xda, + 0x55, 0x67, 0xd4, 0xe7, 0x31, 0x30, 0x50, 0x04, 0x28, 0x22, 0xeb, 0x11, 0x89, 0x37, 0x44, 0xbc, + 0x05, 0xb3, 0xaf, 0x86, 0x0e, 0x97, 0x80, 0x8d, 0xbb, 0x28, 0xe1, 0x1c, 0xea, 0x68, 0x53, 0x6c, + 0x30, 0xab, 0x45, 0xc8, 0x50, 0xf1, 0x99, 0x7b, 0xee, 0x33, 0x27, 0xa0, 0x12, 0x6f, 0x38, 0x51, + 0x93, 0xd9, 0x75, 0x65, 0x9e, 0xf4, 0xb3, 0x42, 0x1b, 0x30, 0x6f, 0x47, 0xb3, 0x70, 0x32, 0x53, + 0xf9, 0x28, 0x16, 0xbe, 0x62, 0x95, 0xe0, 0x91, 0xa9, 0x99, 0x14, 0xe3, 0xae, 0x27, 0x4c, 0xe7, + 0xc3, 0xf0, 0x3e, 0xce, 0x87, 0x1d, 0x15, 0xd5, 0xc7, 0xbd, 0xb8, 0x2f, 0x15, 0x32, 0x00, 0x7d, + 0x85, 0xf0, 0x7d, 0x3e, 0x13, 0xc2, 0x37, 0xca, 0x3a, 0x70, 0xa3, 0x98, 0x0e, 0x1c, 0x3c, 0x5e, + 0xef, 0x7e, 0xc6, 0xdf, 0xfd, 0xb9, 0x05, 0xf2, 0xbb, 0xce, 0x38, 0x8d, 0x0d, 0x42, 0xa7, 0x0c, + 0x7a, 0x1f, 0x8c, 0xa9, 0x2d, 0xf4, 0x4c, 0xd0, 0xf1, 0x79, 0xe8, 0x5d, 0x59, 0x1f, 0x0a, 0xe3, + 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x14, 0xd4, 0xe8, 0x38, 0xf1, 0x47, 0xb9, 0xae, 0x55, 0xdb, 0xf4, + 0xe9, 0xe5, 0x79, 0xf1, 0x94, 0xc6, 0x41, 0x01, 0x9c, 0xf2, 0x9c, 0x38, 0x61, 0x3d, 0xa0, 0x3b, + 0xea, 0x43, 0x96, 0x3f, 0x60, 0x59, 0x04, 0x0b, 0x59, 0x42, 0xb8, 0x9b, 0xb6, 0xfd, 0xed, 0x01, + 0x18, 0x4d, 0x49, 0xc6, 0x03, 0x2a, 0xe9, 0xa7, 0xa1, 0x2a, 0xf5, 0x66, 0xb6, 0x50, 0x8b, 0x52, + 0xae, 0x0a, 0x83, 0x2a, 0xad, 0x35, 0xad, 0x55, 0xb3, 0x46, 0x85, 0xa1, 0x70, 0xb1, 0x89, 0xc7, + 0x84, 0x72, 0xe2, 0xc5, 0x33, 0x9e, 0x4b, 0xfc, 0x84, 0x77, 0xb3, 0x18, 0xa1, 0xbc, 0xba, 0xb0, + 0x62, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0xd3, 0x16, 0x8c, 0x3a, 0xb7, 0x63, + 0x5d, 0x52, 0x55, 0x04, 0xeb, 0x1d, 0x51, 0x49, 0xa5, 0xaa, 0xb4, 0x72, 0x97, 0x6f, 0xaa, 0x09, + 0xa7, 0x99, 0xa2, 0x37, 0x2d, 0x40, 0x64, 0x9b, 0x34, 0x64, 0x38, 0xa1, 0xe8, 0xcb, 0x60, 0x11, + 0x3b, 0xcd, 0x8b, 0x5d, 0x74, 0xb9, 0x54, 0xef, 0x6e, 0xc7, 0x39, 0x7d, 0xb0, 0xff, 0x79, 0x59, + 0x2d, 0x28, 0x1d, 0xc1, 0xea, 0x18, 0x91, 0x74, 0xd6, 0xe1, 0x23, 0xe9, 0x74, 0x44, 0x42, 0x77, + 0x56, 0x65, 0x2a, 0x09, 0xab, 0x74, 0x9f, 0x92, 0xb0, 0x7e, 0xda, 0x4a, 0x95, 0x24, 0x1a, 0xbe, + 0xf0, 0x72, 0xb1, 0xd1, 0xb3, 0x93, 0x3c, 0x5a, 0x22, 0x23, 0xdd, 0xd3, 0x41, 0x32, 0x54, 0x9a, + 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa1, 0x0c, 0xc3, 0x86, 0x26, 0xcd, 0x35, 0x8b, 0xac, 0x07, + 0xcc, 0x2c, 0x2a, 0x1d, 0xc0, 0x2c, 0xfa, 0x29, 0xa8, 0x35, 0xa4, 0x94, 0x2f, 0xa6, 0x28, 0x6f, + 0x56, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, 0x52, 0xa9, 0x3b, 0x42, 0x43, 0x0c, + 0x30, 0x0d, 0x91, 0x97, 0x5b, 0x23, 0x34, 0x45, 0xf7, 0x33, 0xac, 0x72, 0x55, 0xe8, 0x8a, 0xf7, + 0x92, 0x31, 0xee, 0xbc, 0x72, 0xd5, 0xf2, 0xbc, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x6d, 0x4b, 0x7d, + 0xdc, 0x7b, 0x50, 0xa3, 0xe1, 0x56, 0xba, 0x46, 0xc3, 0xc5, 0x42, 0x86, 0xb9, 0x47, 0x71, 0x86, + 0x6b, 0x30, 0x34, 0x13, 0xb4, 0xdb, 0x8e, 0xdf, 0x44, 0x3f, 0x04, 0x43, 0x0d, 0xfe, 0x53, 0x38, + 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x8f, 0xc2, 0x80, 0x13, 0xb5, 0xa4, 0x33, 0x87, + 0x05, 0xd7, 0x4c, 0x47, 0xad, 0x18, 0xb3, 0x56, 0xfb, 0x1f, 0x0f, 0x00, 0x3b, 0xd3, 0x76, 0x22, + 0xd2, 0x5c, 0x0d, 0x58, 0x51, 0xc0, 0x63, 0x3d, 0x54, 0xd3, 0x9b, 0xa5, 0x07, 0xf9, 0x60, 0xcd, + 0x38, 0x5c, 0x29, 0xdf, 0xe3, 0xc3, 0x95, 0x1e, 0xe7, 0x65, 0x03, 0x0f, 0xd0, 0x79, 0x99, 0xfd, + 0x39, 0x0b, 0x90, 0x0a, 0x84, 0xd0, 0x07, 0xda, 0x53, 0x50, 0x53, 0x21, 0x11, 0xc2, 0xb0, 0xd2, + 0x22, 0x42, 0x02, 0xb0, 0xc6, 0xe9, 0x63, 0x87, 0xfc, 0x84, 0x94, 0xdf, 0xe5, 0x74, 0x5c, 0x2e, + 0x93, 0xfa, 0x42, 0x9c, 0xdb, 0xbf, 0x5d, 0x82, 0x87, 0xb8, 0x4a, 0x5e, 0x74, 0x7c, 0xa7, 0x45, + 0xda, 0xb4, 0x57, 0xfd, 0x86, 0x28, 0x34, 0xe8, 0xd6, 0xcc, 0x95, 0x71, 0xb6, 0x47, 0x5d, 0xbb, + 0x7c, 0xcd, 0xf1, 0x55, 0x36, 0xef, 0xbb, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x59, 0xb1, 0x5e, + 0xc8, 0xe2, 0x82, 0x18, 0x29, 0xb1, 0x24, 0xf4, 0x26, 0xc1, 0x8a, 0x11, 0x35, 0x5c, 0xbd, 0xa0, + 0xb1, 0x89, 0x49, 0x18, 0x30, 0xb9, 0x6b, 0x84, 0x39, 0x2e, 0x88, 0x76, 0xac, 0x30, 0xec, 0xdf, + 0xb6, 0x20, 0xab, 0x91, 0x8c, 0xea, 0x6b, 0xd6, 0x9e, 0xd5, 0xd7, 0x0e, 0x50, 0xfe, 0xec, 0x27, + 0x60, 0xd8, 0x49, 0xa8, 0x11, 0xc1, 0xb7, 0xdd, 0xe5, 0xc3, 0x1d, 0x6b, 0x2c, 0x06, 0x4d, 0x77, + 0xdd, 0x65, 0xdb, 0x6d, 0x93, 0x9c, 0xfd, 0x3f, 0x07, 0xe0, 0x54, 0x57, 0x36, 0x08, 0x7a, 0x01, + 0x46, 0x1a, 0x62, 0x7a, 0x84, 0xd2, 0xa1, 0x55, 0x33, 0xc3, 0xe2, 0x34, 0x0c, 0xa7, 0x30, 0xfb, + 0x98, 0xa0, 0xf3, 0x70, 0x3a, 0xa2, 0x1b, 0xfd, 0x0e, 0x99, 0x5e, 0x4f, 0x48, 0xb4, 0x42, 0x1a, + 0x81, 0xdf, 0xe4, 0x35, 0x02, 0xcb, 0xf5, 0x87, 0xef, 0xec, 0x4e, 0x9c, 0xc6, 0xdd, 0x60, 0x9c, + 0xf7, 0x0c, 0x0a, 0x61, 0xd4, 0x33, 0x6d, 0x40, 0xb1, 0x01, 0x38, 0x94, 0xf9, 0xa8, 0x6c, 0x84, + 0x54, 0x33, 0x4e, 0x33, 0x48, 0x1b, 0x92, 0x95, 0xfb, 0x64, 0x48, 0x7e, 0x4a, 0x1b, 0x92, 0xfc, + 0xfc, 0xfd, 0x43, 0x05, 0x67, 0x03, 0x1d, 0xb7, 0x25, 0xf9, 0x12, 0x54, 0x65, 0x6c, 0x52, 0x5f, + 0x31, 0x3d, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x49, 0xf8, 0xc1, 0x8b, 0x51, 0x64, 0x0c, 0xe6, 0xb5, + 0x20, 0x99, 0xf6, 0xbc, 0xe0, 0x36, 0x55, 0xd2, 0xd7, 0x63, 0x22, 0x3c, 0x2c, 0xf6, 0xdd, 0x12, + 0xe4, 0x6c, 0x56, 0xe8, 0x7a, 0xd4, 0x96, 0x41, 0x6a, 0x3d, 0x1e, 0xcc, 0x3a, 0x40, 0xdb, 0x3c, + 0x7e, 0x8b, 0xeb, 0xc0, 0x0f, 0x16, 0xbd, 0xd9, 0xd2, 0x21, 0x5d, 0x2a, 0x99, 0x42, 0x85, 0x75, + 0x5d, 0x00, 0xd0, 0x06, 0x9d, 0x08, 0x95, 0x57, 0xc7, 0xc3, 0xda, 0xee, 0xc3, 0x06, 0x16, 0xdd, + 0x7b, 0xbb, 0x7e, 0x9c, 0x38, 0x9e, 0x77, 0xd9, 0xf5, 0x13, 0xe1, 0x44, 0x54, 0xca, 0x7e, 0x5e, + 0x83, 0xb0, 0x89, 0x77, 0xee, 0x3d, 0xc6, 0xf7, 0x3b, 0xc8, 0x77, 0xdf, 0x80, 0x47, 0xe6, 0xdc, + 0x44, 0x25, 0x78, 0xa8, 0xf9, 0x46, 0xed, 0x35, 0x95, 0xb0, 0x64, 0xf5, 0x4c, 0x58, 0x32, 0x12, + 0x2c, 0x4a, 0xe9, 0x7c, 0x90, 0x6c, 0x82, 0x85, 0xfd, 0x02, 0x9c, 0x99, 0x73, 0x93, 0x4b, 0xae, + 0x47, 0x0e, 0xc8, 0xc4, 0xfe, 0xcd, 0x41, 0x18, 0x31, 0x53, 0x04, 0x0f, 0x92, 0x73, 0xf5, 0x05, + 0x6a, 0x92, 0x89, 0xb7, 0x73, 0xd5, 0xe1, 0xda, 0xcd, 0x23, 0xe7, 0x2b, 0xe6, 0x8f, 0x98, 0x61, + 0x95, 0x69, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, 0x95, 0x75, 0x96, 0x00, 0x50, 0x2e, 0x22, 0x02, + 0x21, 0x6f, 0x44, 0xf5, 0x72, 0xe4, 0x29, 0x04, 0x9c, 0x1f, 0xd5, 0xa4, 0x51, 0x3a, 0xab, 0xcc, + 0x08, 0x5a, 0x15, 0xf9, 0x64, 0x0a, 0xa3, 0x97, 0x4a, 0xa8, 0x1c, 0x42, 0x25, 0xa4, 0x04, 0xf4, + 0xe0, 0x7d, 0x12, 0xd0, 0x2c, 0x99, 0x23, 0xd9, 0x60, 0x76, 0x9e, 0x88, 0xb2, 0x1f, 0x62, 0x83, + 0x60, 0x24, 0x73, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x7c, 0xb5, 0x08, 0xff, 0xab, + 0x39, 0xa3, 0x8f, 0x5b, 0xba, 0x7f, 0xae, 0x04, 0x63, 0x73, 0x7e, 0x67, 0x79, 0x6e, 0xb9, 0xb3, + 0xe6, 0xb9, 0x8d, 0xab, 0x64, 0x87, 0x8a, 0xf0, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, 0x9a, + 0x33, 0x57, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0x5d, 0xbf, 0x45, 0xa2, 0x30, 0x72, 0x85, + 0x6b, 0xd4, 0x10, 0x46, 0x97, 0x34, 0x08, 0x9b, 0x78, 0x94, 0x76, 0x70, 0xdb, 0x27, 0x51, 0xd6, + 0xe0, 0x5d, 0xa2, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0x75, 0xe2, 0x44, 0x4c, 0x46, 0x85, 0xb4, + 0x4a, 0x1b, 0x31, 0x87, 0xd1, 0x95, 0x1e, 0x77, 0xd6, 0x58, 0x80, 0x47, 0x26, 0xa4, 0x7f, 0x85, + 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x96, 0xee, 0x8e, 0x33, 0x99, 0x3d, 0x57, 0x79, + 0x33, 0x96, 0x70, 0x56, 0x04, 0x31, 0x3d, 0x1c, 0xdf, 0x73, 0x45, 0x10, 0xd3, 0xdd, 0xef, 0xb1, + 0xcf, 0xfe, 0x65, 0x0b, 0x46, 0xcc, 0xb0, 0x2c, 0xd4, 0xca, 0xd8, 0xc2, 0x4b, 0x5d, 0x35, 0x74, + 0x7f, 0x2c, 0xef, 0x02, 0xb2, 0x96, 0x9b, 0x04, 0x61, 0xfc, 0x0c, 0xf1, 0x5b, 0xae, 0x4f, 0xd8, + 0x69, 0x3b, 0x0f, 0xe7, 0x4a, 0xc5, 0x7c, 0xcd, 0x04, 0x4d, 0x72, 0x08, 0x63, 0xda, 0xbe, 0x09, + 0xa7, 0xba, 0xd2, 0xb9, 0xfa, 0x30, 0x41, 0xf6, 0x4d, 0xa6, 0xb5, 0x31, 0x0c, 0x53, 0xc2, 0xb2, + 0x10, 0xcf, 0x0c, 0x9c, 0xe2, 0x0b, 0x89, 0x72, 0x5a, 0x69, 0x6c, 0x90, 0xb6, 0x4a, 0xd1, 0x63, + 0x7e, 0xf8, 0x1b, 0x59, 0x20, 0xee, 0xc6, 0xb7, 0x3f, 0x6f, 0xc1, 0x68, 0x2a, 0xc3, 0xae, 0x20, + 0x63, 0x89, 0xad, 0xb4, 0x80, 0x45, 0x09, 0xb2, 0x50, 0xe9, 0x32, 0x53, 0xa6, 0x7a, 0xa5, 0x69, + 0x10, 0x36, 0xf1, 0xec, 0x2f, 0x95, 0xa0, 0x2a, 0x23, 0x2d, 0xfa, 0xe8, 0xca, 0x67, 0x2d, 0x18, + 0x55, 0x67, 0x1f, 0xcc, 0xa9, 0x56, 0x2a, 0x22, 0x1d, 0x82, 0xf6, 0x40, 0x6d, 0xcb, 0xfd, 0xf5, + 0x40, 0x5b, 0xee, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x0d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xdb, + 0x70, 0xef, 0xd9, 0xc6, 0x8a, 0x9b, 0x6c, 0x04, 0x11, 0xa1, 0xeb, 0xeb, 0x5a, 0xd0, 0x24, 0x2b, + 0x0a, 0x53, 0x9b, 0x50, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x58, 0x82, 0x93, 0xd9, 0x2e, 0xa1, + 0x0f, 0xc1, 0x88, 0xe4, 0x6e, 0xdc, 0xa5, 0x26, 0xc3, 0x4b, 0x46, 0xb0, 0x01, 0xbb, 0xbb, 0x3b, + 0x31, 0xd1, 0x7d, 0x99, 0xdd, 0xa4, 0x89, 0x82, 0x53, 0xc4, 0xf8, 0x01, 0x94, 0x38, 0x29, 0xad, + 0xef, 0x4c, 0x87, 0xa1, 0x38, 0x45, 0x32, 0x0e, 0xa0, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, 0x38, + 0x63, 0xb4, 0x5c, 0x23, 0x6e, 0x6b, 0x63, 0x2d, 0x88, 0xe4, 0x0e, 0xec, 0x51, 0x1d, 0x00, 0xd6, + 0x8d, 0x83, 0x73, 0x9f, 0xa4, 0xda, 0xbe, 0xe1, 0x84, 0x4e, 0xc3, 0x4d, 0x76, 0x84, 0xbf, 0x52, + 0xc9, 0xa6, 0x19, 0xd1, 0x8e, 0x15, 0x86, 0xbd, 0x08, 0x03, 0x7d, 0xce, 0xa0, 0xbe, 0x2c, 0xff, + 0x97, 0xa0, 0x4a, 0xc9, 0x49, 0xf3, 0xae, 0x08, 0x92, 0x01, 0x54, 0xe5, 0x1d, 0x27, 0xc8, 0x86, + 0xb2, 0xeb, 0xc8, 0x33, 0x3e, 0xf5, 0x5a, 0xf3, 0x71, 0xdc, 0x61, 0x9b, 0x69, 0x0a, 0x44, 0x4f, + 0x40, 0x99, 0x6c, 0x87, 0xd9, 0xc3, 0xbc, 0x8b, 0xdb, 0xa1, 0x1b, 0x91, 0x98, 0x22, 0x91, 0xed, + 0x10, 0x9d, 0x83, 0x92, 0xdb, 0x14, 0x4a, 0x0a, 0x04, 0x4e, 0x69, 0x7e, 0x16, 0x97, 0xdc, 0xa6, + 0xbd, 0x0d, 0x35, 0x75, 0xa9, 0x0a, 0xda, 0x94, 0xb2, 0xdb, 0x2a, 0x22, 0x34, 0x4a, 0xd2, 0xed, + 0x21, 0xb5, 0x3b, 0x00, 0x3a, 0xd5, 0xb0, 0x28, 0xf9, 0x72, 0x1e, 0x06, 0x1a, 0x81, 0x48, 0x83, + 0xae, 0x6a, 0x32, 0x4c, 0x68, 0x33, 0x88, 0x7d, 0x13, 0xc6, 0xae, 0xfa, 0xc1, 0x6d, 0x56, 0x11, + 0x9e, 0x15, 0x40, 0xa3, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0x65, + 0xa8, 0x52, 0xaf, 0xca, 0x50, 0xf6, 0x27, 0x2c, 0x18, 0x51, 0x39, 0x4b, 0x73, 0x5b, 0x9b, 0x94, + 0x6e, 0x2b, 0x0a, 0x3a, 0x61, 0x96, 0x2e, 0xbb, 0xf6, 0x08, 0x73, 0x98, 0x99, 0xcc, 0x57, 0xda, + 0x27, 0x99, 0xef, 0x3c, 0x0c, 0x6c, 0xba, 0x7e, 0x33, 0x7b, 0x8f, 0xc7, 0x55, 0xd7, 0x6f, 0x62, + 0x06, 0xa1, 0x5d, 0x38, 0xa9, 0xba, 0x20, 0x15, 0xc2, 0x0b, 0x30, 0xb2, 0xd6, 0x71, 0xbd, 0xa6, + 0xac, 0xec, 0x96, 0xf1, 0xa8, 0xd4, 0x0d, 0x18, 0x4e, 0x61, 0xd2, 0x7d, 0xdd, 0x9a, 0xeb, 0x3b, + 0xd1, 0xce, 0xb2, 0xd6, 0x40, 0x4a, 0x28, 0xd5, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x1b, 0x65, 0x18, + 0x4b, 0x67, 0x6e, 0xf5, 0xb1, 0xbd, 0x7a, 0x02, 0x2a, 0x2c, 0x99, 0x2b, 0xfb, 0x69, 0x79, 0x31, + 0x34, 0x0e, 0x43, 0x31, 0x0c, 0xf2, 0x32, 0x10, 0xc5, 0xdc, 0x81, 0xa3, 0x3a, 0xa9, 0xfc, 0x30, + 0x2c, 0xee, 0x4c, 0x54, 0x9e, 0x10, 0xac, 0xd0, 0xa7, 0x2d, 0x18, 0x0a, 0x42, 0xb3, 0xa2, 0xd0, + 0x07, 0x8b, 0xcc, 0x6a, 0x13, 0x49, 0x35, 0xc2, 0x22, 0x56, 0x9f, 0x5e, 0x7e, 0x0e, 0xc9, 0xfa, + 0xdc, 0x7b, 0x61, 0xc4, 0xc4, 0xdc, 0xcf, 0x28, 0xae, 0x9a, 0x46, 0xf1, 0x67, 0xcd, 0x49, 0x21, + 0xf2, 0xf6, 0xfa, 0x58, 0x6e, 0xd7, 0xa1, 0xd2, 0x50, 0x81, 0x02, 0x87, 0xaa, 0x07, 0xaa, 0xea, + 0x32, 0xb0, 0xc3, 0x22, 0x4e, 0xcd, 0xfe, 0xb6, 0x65, 0xcc, 0x0f, 0x4c, 0xe2, 0xf9, 0x26, 0x8a, + 0xa0, 0xdc, 0xda, 0xda, 0x14, 0xa6, 0xe8, 0x95, 0x82, 0x86, 0x77, 0x6e, 0x6b, 0x53, 0xcf, 0x71, + 0xb3, 0x15, 0x53, 0x66, 0x7d, 0x38, 0x0b, 0x53, 0xe9, 0x9d, 0xe5, 0xfd, 0xd3, 0x3b, 0xed, 0x37, + 0x4b, 0x70, 0xaa, 0x6b, 0x52, 0xa1, 0xd7, 0xa1, 0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x50, 0x58, + 0x42, 0x66, 0x3c, 0xdf, 0xd4, 0x7a, 0x37, 0xdd, 0x8e, 0x39, 0x4b, 0x74, 0x05, 0x90, 0x0e, 0x67, + 0x51, 0x9e, 0x4a, 0xfe, 0xca, 0xe7, 0xc4, 0xa3, 0x68, 0xba, 0x0b, 0x03, 0xe7, 0x3c, 0x85, 0x5e, + 0xcc, 0x3a, 0x3c, 0xcb, 0xe9, 0xf3, 0xcd, 0xbd, 0x7c, 0x97, 0xf6, 0xbf, 0x28, 0xc1, 0x68, 0xaa, + 0xc0, 0x13, 0xf2, 0xa0, 0x4a, 0x3c, 0xe6, 0xfc, 0x97, 0xca, 0xe6, 0xa8, 0xf5, 0x92, 0x95, 0x82, + 0xbc, 0x28, 0xe8, 0x62, 0xc5, 0xe1, 0xc1, 0x38, 0x84, 0x7f, 0x01, 0x46, 0x64, 0x87, 0x3e, 0xe8, + 0xb4, 0x3d, 0x31, 0x80, 0x6a, 0x8e, 0x5e, 0x34, 0x60, 0x38, 0x85, 0x69, 0xff, 0x4e, 0x19, 0xc6, + 0xf9, 0x69, 0x49, 0x53, 0xcd, 0xbc, 0x45, 0xb9, 0xdf, 0xfa, 0xab, 0xba, 0x0c, 0x1b, 0x1f, 0xc8, + 0xb5, 0xa3, 0x5e, 0x4f, 0x90, 0xcf, 0xa8, 0xaf, 0x08, 0xae, 0xaf, 0x66, 0x22, 0xb8, 0xb8, 0xd9, + 0xdd, 0x3a, 0xa6, 0x1e, 0x7d, 0x6f, 0x85, 0x74, 0xfd, 0xbd, 0x12, 0x9c, 0xc8, 0xdc, 0xfd, 0x80, + 0xde, 0x48, 0x97, 0x0b, 0xb6, 0x8a, 0xf0, 0xa9, 0xef, 0x79, 0x1d, 0xc0, 0xc1, 0x8a, 0x06, 0xdf, + 0xa7, 0xa5, 0x62, 0xff, 0x41, 0x09, 0xc6, 0xd2, 0x97, 0x56, 0x3c, 0x80, 0x23, 0xf5, 0x2e, 0xa8, + 0xb1, 0xba, 0xec, 0xec, 0x32, 0x4e, 0xee, 0x92, 0xe7, 0x25, 0xb0, 0x65, 0x23, 0xd6, 0xf0, 0x07, + 0xa2, 0x16, 0xb3, 0xfd, 0xf7, 0x2d, 0x38, 0xcb, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x5a, 0xde, 0xe8, + 0xbe, 0x52, 0x6c, 0x07, 0x33, 0xe5, 0x03, 0xf7, 0x1b, 0x5f, 0x76, 0x09, 0xa0, 0xe8, 0x6d, 0x7a, + 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x0c, 0xfa, 0xde, 0x43, 0xe4, 0x8a, + 0x5c, 0xc8, 0x42, 0xca, 0x28, 0xae, 0xec, 0xf8, 0x0d, 0x7d, 0xc3, 0x62, 0x35, 0x93, 0x0a, 0xf9, + 0x73, 0x16, 0x0c, 0xbb, 0xbe, 0x9b, 0xb8, 0x0e, 0xdb, 0x46, 0x17, 0x73, 0x27, 0x9b, 0x62, 0x37, + 0xcf, 0x29, 0x07, 0x91, 0x79, 0x8e, 0xa3, 0x98, 0x61, 0x93, 0x33, 0xfa, 0x88, 0x08, 0xb2, 0x2e, + 0x17, 0x96, 0xc5, 0x5b, 0xcd, 0x44, 0x56, 0x87, 0xd4, 0xf0, 0x4a, 0xa2, 0x82, 0x92, 0xdf, 0x31, + 0x25, 0xa5, 0x2a, 0xf2, 0xea, 0x1b, 0xa8, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x18, 0x50, 0xf7, 0x58, + 0x1c, 0x30, 0x80, 0x75, 0x0a, 0x6a, 0x4e, 0x27, 0x09, 0xda, 0x74, 0x98, 0xc4, 0x51, 0x93, 0x0e, + 0xd1, 0x95, 0x00, 0xac, 0x71, 0xec, 0x37, 0x2a, 0x90, 0x49, 0x4e, 0x44, 0xdb, 0xe6, 0x9d, 0x9d, + 0x56, 0xb1, 0x77, 0x76, 0xaa, 0xce, 0xe4, 0xdd, 0xdb, 0x89, 0x5a, 0x50, 0x09, 0x37, 0x9c, 0x58, + 0x9a, 0xd5, 0x2f, 0xa9, 0x7d, 0x1c, 0x6d, 0xbc, 0xbb, 0x3b, 0xf1, 0xe3, 0xfd, 0x79, 0x5d, 0xe9, + 0x5c, 0x9d, 0xe2, 0x65, 0x4e, 0x34, 0x6b, 0x46, 0x03, 0x73, 0xfa, 0x07, 0xb9, 0x95, 0xee, 0x93, + 0xa2, 0x00, 0x3d, 0x26, 0x71, 0xc7, 0x4b, 0xc4, 0x6c, 0x78, 0xa9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, + 0xb4, 0x7a, 0xfe, 0x1f, 0x1b, 0x4c, 0xd1, 0x87, 0xa0, 0x16, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x11, + 0x56, 0x0d, 0xfa, 0x8a, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x32, 0xab, 0x2a, 0xeb, 0xc6, 0x1b, 0x87, + 0xcc, 0x8d, 0x90, 0x15, 0x68, 0x05, 0x05, 0x6c, 0x50, 0x43, 0x17, 0x00, 0xd8, 0xdc, 0xe6, 0x01, + 0x81, 0x55, 0xe6, 0x65, 0x52, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, 0x86, 0x74, 0x5d, + 0x08, 0x34, 0x21, 0xcb, 0x50, 0x70, 0x2f, 0x34, 0xcb, 0x71, 0x48, 0x55, 0x8c, 0xf8, 0x75, 0x0b, + 0xcc, 0xe2, 0x15, 0xe8, 0x35, 0x5e, 0x25, 0xc3, 0x2a, 0xe2, 0xe4, 0xd0, 0xa0, 0x3b, 0xb9, 0xe8, + 0x84, 0x99, 0x23, 0x6c, 0x59, 0x2a, 0xe3, 0xdc, 0x7b, 0xa0, 0x2a, 0xa1, 0x07, 0x32, 0xea, 0x3e, + 0x0e, 0xa7, 0xb3, 0x37, 0x9a, 0x8b, 0x53, 0xa7, 0xfd, 0x5d, 0x3f, 0xd2, 0x9f, 0x53, 0xea, 0xe5, + 0xcf, 0xe9, 0xe3, 0xe6, 0xd6, 0xdf, 0xb0, 0xe0, 0xfc, 0x7e, 0x17, 0xaf, 0xa3, 0x47, 0x61, 0xe0, + 0xb6, 0x13, 0xc9, 0x72, 0xdf, 0x4c, 0x50, 0xde, 0x74, 0x22, 0x1f, 0xb3, 0x56, 0xb4, 0x03, 0x83, + 0x3c, 0x6a, 0x4c, 0x58, 0xeb, 0x2f, 0x15, 0x7b, 0x0d, 0xfc, 0x55, 0x62, 0x6c, 0x17, 0x78, 0xc4, + 0x1a, 0x16, 0x0c, 0xed, 0xef, 0x58, 0x80, 0x96, 0xb6, 0x48, 0x14, 0xb9, 0x4d, 0x23, 0xce, 0x8d, + 0x5d, 0xe4, 0x62, 0x5c, 0xd8, 0x62, 0xa6, 0xc2, 0x66, 0x2e, 0x72, 0x31, 0xfe, 0xe5, 0x5f, 0xe4, + 0x52, 0x3a, 0xd8, 0x45, 0x2e, 0x68, 0x09, 0xce, 0xb6, 0xf9, 0x76, 0x83, 0x5f, 0x8e, 0xc0, 0xf7, + 0x1e, 0x2a, 0xf1, 0xec, 0x91, 0x3b, 0xbb, 0x13, 0x67, 0x17, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, + 0x7b, 0x00, 0xf1, 0xf0, 0xb6, 0x99, 0xbc, 0x58, 0xa5, 0x9e, 0xee, 0x17, 0xfb, 0x2b, 0x15, 0x38, + 0x91, 0x29, 0x06, 0x4b, 0xb7, 0x7a, 0xdd, 0xc1, 0x51, 0x47, 0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, + 0xdc, 0xca, 0x87, 0x8a, 0xeb, 0x87, 0x9d, 0xa4, 0x98, 0x5c, 0x53, 0xde, 0x89, 0x79, 0x4a, 0xd0, + 0x70, 0x17, 0xd3, 0xbf, 0x98, 0xb3, 0x29, 0x32, 0x78, 0x2b, 0x65, 0x8c, 0x0f, 0xdc, 0x27, 0x77, + 0xc0, 0x27, 0x75, 0x28, 0x55, 0xa5, 0x08, 0xc7, 0x62, 0x66, 0xb2, 0x1c, 0xf7, 0x51, 0xfb, 0xaf, + 0x95, 0x60, 0xd8, 0xf8, 0x68, 0xe8, 0x97, 0xd2, 0xa5, 0x9d, 0xac, 0xe2, 0x5e, 0x89, 0xd1, 0x9f, + 0xd4, 0xc5, 0x9b, 0xf8, 0x2b, 0x3d, 0xd9, 0x5d, 0xd5, 0xe9, 0xee, 0xee, 0xc4, 0xc9, 0x4c, 0xdd, + 0xa6, 0x54, 0xa5, 0xa7, 0x73, 0x1f, 0x83, 0x13, 0x19, 0x32, 0x39, 0xaf, 0xbc, 0x9a, 0xbe, 0xb0, + 0xfe, 0x88, 0x6e, 0x29, 0x73, 0xc8, 0xbe, 0x41, 0x87, 0x4c, 0xa4, 0xdb, 0x05, 0x1e, 0xe9, 0xc3, + 0x07, 0x9b, 0xc9, 0xaa, 0x2d, 0xf5, 0x99, 0x55, 0xfb, 0x14, 0x54, 0xc3, 0xc0, 0x73, 0x1b, 0xae, + 0xaa, 0x7f, 0xc8, 0xf2, 0x78, 0x97, 0x45, 0x1b, 0x56, 0x50, 0x74, 0x1b, 0x6a, 0xea, 0x6e, 0x7f, + 0xe1, 0xdf, 0x2e, 0xea, 0xd0, 0x47, 0x19, 0x2d, 0xfa, 0xce, 0x7e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, + 0x94, 0xa0, 0x4c, 0x11, 0x60, 0xbe, 0x77, 0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0xd7, 0x6b, 0x70, + 0x26, 0xaf, 0x22, 0x37, 0xfa, 0x28, 0x0c, 0xf2, 0x3e, 0x16, 0x73, 0xe9, 0x43, 0x1e, 0x8f, 0x39, + 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0x6b, 0x62, 0x86, 0x1c, 0x0f, + 0xf7, 0x05, 0x47, 0x73, 0x5f, 0x70, 0x38, 0x77, 0xcf, 0x59, 0x43, 0xdb, 0x50, 0x69, 0xb9, 0x09, + 0x71, 0x84, 0x13, 0xe1, 0xe6, 0xb1, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, + 0xaf, 0x59, 0x70, 0x62, 0x2d, 0x9d, 0x42, 0x2f, 0x84, 0xa7, 0x73, 0x0c, 0x55, 0xd7, 0xd3, 0x8c, + 0xf8, 0x4d, 0x46, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x94, 0x05, 0x43, 0xeb, 0xae, 0x67, 0x14, + 0xe0, 0x3d, 0x86, 0x8f, 0x73, 0x89, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, + 0x4d, 0x35, 0x78, 0x54, 0x4d, 0x35, 0x74, 0x9f, 0x34, 0xd5, 0x67, 0x2c, 0xa8, 0xa9, 0x91, 0x16, + 0x69, 0xd1, 0x1f, 0x3a, 0xc6, 0x4f, 0xce, 0x3d, 0x27, 0xea, 0x2f, 0xd6, 0xcc, 0xd1, 0x17, 0x2d, + 0x18, 0x76, 0x5e, 0xef, 0x44, 0xa4, 0x49, 0xb6, 0x82, 0x30, 0x16, 0xd7, 0x20, 0xbe, 0x52, 0x7c, + 0x67, 0xa6, 0x29, 0x93, 0x59, 0xb2, 0xb5, 0x14, 0xc6, 0x22, 0x7d, 0x49, 0x37, 0x60, 0xb3, 0x0b, + 0xf6, 0x6e, 0x09, 0x26, 0xf6, 0xa1, 0x80, 0x5e, 0x80, 0x91, 0x20, 0x6a, 0x39, 0xbe, 0xfb, 0xba, + 0x59, 0x13, 0x43, 0x59, 0x59, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0xc4, 0xed, 0xd2, 0x3e, 0x89, + 0xdb, 0xe7, 0x61, 0x20, 0x22, 0x61, 0x90, 0xdd, 0x2c, 0xb0, 0xd4, 0x01, 0x06, 0x41, 0x8f, 0x41, + 0xd9, 0x09, 0x5d, 0x11, 0x88, 0xa6, 0xf6, 0x40, 0xd3, 0xcb, 0xf3, 0x98, 0xb6, 0xa7, 0xea, 0x48, + 0x54, 0xee, 0x49, 0x1d, 0x09, 0xaa, 0x06, 0xc4, 0xd9, 0xc5, 0xa0, 0x56, 0x03, 0xe9, 0x33, 0x05, + 0xfb, 0xcd, 0x32, 0x3c, 0xb6, 0xe7, 0x7c, 0xd1, 0x71, 0x78, 0xd6, 0x1e, 0x71, 0x78, 0x72, 0x78, + 0x4a, 0xfb, 0x0d, 0x4f, 0xb9, 0xc7, 0xf0, 0x7c, 0x8a, 0x2e, 0x03, 0x59, 0x4b, 0xa4, 0x98, 0x8b, + 0xec, 0x7a, 0x95, 0x26, 0x11, 0x2b, 0x40, 0x42, 0xb1, 0xe6, 0x4b, 0xf7, 0x00, 0xa9, 0xa4, 0xe5, + 0x4a, 0x11, 0x6a, 0xa0, 0x67, 0x6d, 0x11, 0x3e, 0xf7, 0x7b, 0x65, 0x42, 0xdb, 0x3f, 0x5f, 0x82, + 0x27, 0xfa, 0x90, 0xde, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xdb, 0x9f, 0xc9, 0xfe, 0xeb, + 0x16, 0x9c, 0xeb, 0xad, 0x3c, 0xd0, 0xb3, 0x30, 0xbc, 0x16, 0x39, 0x7e, 0x63, 0x83, 0x5d, 0xce, + 0x29, 0x07, 0x85, 0x8d, 0xb5, 0x6e, 0xc6, 0x26, 0x0e, 0xdd, 0xde, 0xf2, 0x98, 0x04, 0x03, 0x43, + 0x26, 0x99, 0xd2, 0xed, 0xed, 0x6a, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x3f, 0x2b, 0xe5, 0x77, 0x8b, + 0x1b, 0x19, 0x07, 0xf9, 0x4e, 0xe2, 0x2b, 0x94, 0xfa, 0x90, 0x25, 0xe5, 0x7b, 0x2d, 0x4b, 0x06, + 0x7a, 0xc9, 0x12, 0x34, 0x0b, 0x27, 0x8d, 0xcb, 0x5b, 0x78, 0xe2, 0x30, 0x0f, 0xb8, 0x55, 0xd5, + 0x34, 0x96, 0x33, 0x70, 0xdc, 0xf5, 0x04, 0x7a, 0x1a, 0xaa, 0xae, 0x1f, 0x93, 0x46, 0x27, 0xe2, + 0x81, 0xde, 0x46, 0xb2, 0xd6, 0xbc, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xe5, 0x12, 0x3c, 0xd2, 0xd3, + 0xce, 0xba, 0x47, 0xb2, 0xcb, 0xfc, 0x1c, 0x03, 0xf7, 0xe6, 0x73, 0x98, 0x83, 0x54, 0xd9, 0x77, + 0x90, 0xfe, 0xb0, 0xf7, 0xc4, 0xa4, 0x36, 0xf7, 0xf7, 0xed, 0x28, 0xbd, 0x08, 0xa3, 0x4e, 0x18, + 0x72, 0x3c, 0x16, 0xaf, 0x99, 0xa9, 0xa6, 0x33, 0x6d, 0x02, 0x71, 0x1a, 0xb7, 0x2f, 0xed, 0xf9, + 0xc7, 0x16, 0xd4, 0x30, 0x59, 0xe7, 0xd2, 0x01, 0xdd, 0x12, 0x43, 0x64, 0x15, 0x51, 0x77, 0x93, + 0x0e, 0x6c, 0xec, 0xb2, 0x7a, 0x94, 0x79, 0x83, 0xdd, 0x7d, 0xc9, 0x4f, 0xe9, 0x40, 0x97, 0xfc, + 0xa8, 0x6b, 0x5e, 0xca, 0xbd, 0xaf, 0x79, 0xb1, 0xbf, 0x31, 0x44, 0x5f, 0x2f, 0x0c, 0x66, 0x22, + 0xd2, 0x8c, 0xe9, 0xf7, 0xed, 0x44, 0x9e, 0x98, 0x24, 0xea, 0xfb, 0x5e, 0xc7, 0x0b, 0x98, 0xb6, + 0xa7, 0x8e, 0x62, 0x4a, 0x07, 0xaa, 0x25, 0x52, 0xde, 0xb7, 0x96, 0xc8, 0x8b, 0x30, 0x1a, 0xc7, + 0x1b, 0xcb, 0x91, 0xbb, 0xe5, 0x24, 0xe4, 0x2a, 0xd9, 0x11, 0x56, 0x96, 0xce, 0xff, 0x5f, 0xb9, + 0xac, 0x81, 0x38, 0x8d, 0x8b, 0xe6, 0xe0, 0x94, 0xae, 0xe8, 0x41, 0xa2, 0x84, 0x45, 0xf7, 0xf3, + 0x99, 0xa0, 0x92, 0x7d, 0x75, 0x0d, 0x10, 0x81, 0x80, 0xbb, 0x9f, 0xa1, 0xf2, 0x2d, 0xd5, 0x48, + 0x3b, 0x32, 0x98, 0x96, 0x6f, 0x29, 0x3a, 0xb4, 0x2f, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xcd, 0x27, + 0xc6, 0x74, 0x18, 0x1a, 0x6f, 0x34, 0x94, 0xae, 0x77, 0x38, 0xd7, 0x8d, 0x82, 0xf3, 0x9e, 0x43, + 0xcf, 0xc3, 0xb0, 0x6a, 0x9e, 0x9f, 0x15, 0xa7, 0x08, 0xca, 0x8b, 0xa1, 0xc8, 0xcc, 0x37, 0xb1, + 0x89, 0x87, 0x3e, 0x08, 0x0f, 0xeb, 0xbf, 0x3c, 0x05, 0x8c, 0x1f, 0xad, 0xcd, 0x8a, 0x62, 0x49, + 0xea, 0x52, 0x91, 0xb9, 0x5c, 0xb4, 0x26, 0xee, 0xf5, 0x3c, 0x5a, 0x83, 0x73, 0x0a, 0x74, 0xd1, + 0x4f, 0x58, 0x3e, 0x47, 0x4c, 0xea, 0x4e, 0x4c, 0xae, 0x47, 0x9e, 0xb8, 0x95, 0x55, 0xdd, 0xf7, + 0x38, 0xe7, 0x26, 0x97, 0xf3, 0x30, 0xf1, 0x02, 0xde, 0x83, 0x0a, 0x9a, 0x82, 0x1a, 0xf1, 0x9d, + 0x35, 0x8f, 0x2c, 0xcd, 0xcc, 0xb3, 0xa2, 0x4b, 0xc6, 0x49, 0xde, 0x45, 0x09, 0xc0, 0x1a, 0x47, + 0x45, 0x98, 0x8e, 0xf4, 0xbc, 0x7b, 0x74, 0x19, 0xce, 0xb4, 0x1a, 0x21, 0xb5, 0x3d, 0xdc, 0x06, + 0x99, 0x6e, 0xb0, 0x80, 0x3a, 0xfa, 0x61, 0x78, 0x21, 0x4a, 0x15, 0x3e, 0x3d, 0x37, 0xb3, 0xdc, + 0x85, 0x83, 0x73, 0x9f, 0x64, 0x81, 0x97, 0x51, 0xb0, 0xbd, 0x33, 0x7e, 0x3a, 0x13, 0x78, 0x49, + 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58, 0x2c, 0xfe, 0xe5, 0x24, 0x09, 0x95, 0xb1, 0x33, 0x7e, + 0x86, 0xbd, 0x92, 0x0a, 0x23, 0xbb, 0xd4, 0x85, 0x81, 0x73, 0x9e, 0xb2, 0xff, 0xa3, 0x05, 0xa3, + 0x6a, 0xbd, 0xde, 0x83, 0x6c, 0x14, 0x2f, 0x9d, 0x8d, 0x32, 0x77, 0x74, 0x89, 0xc7, 0x7a, 0xde, + 0x23, 0xa4, 0xf9, 0x67, 0x86, 0x01, 0xb4, 0x54, 0x54, 0x0a, 0xc9, 0xea, 0xa9, 0x90, 0x1e, 0x58, + 0x89, 0x94, 0x57, 0x61, 0xa5, 0x72, 0x7f, 0x2b, 0xac, 0xac, 0xc0, 0x59, 0x69, 0x2e, 0xf0, 0xb3, + 0xa2, 0xcb, 0x41, 0xac, 0x04, 0x5c, 0xb5, 0xfe, 0x98, 0x20, 0x74, 0x76, 0x3e, 0x0f, 0x09, 0xe7, + 0x3f, 0x9b, 0xb2, 0x52, 0x86, 0xf6, 0xb3, 0x52, 0xf4, 0x9a, 0x5e, 0x58, 0x97, 0xb7, 0x87, 0x64, + 0xd6, 0xf4, 0xc2, 0xa5, 0x15, 0xac, 0x71, 0xf2, 0x05, 0x7b, 0xad, 0x20, 0xc1, 0x0e, 0x07, 0x16, + 0xec, 0x52, 0xc4, 0x0c, 0xf7, 0x14, 0x31, 0xd2, 0x27, 0x3d, 0xd2, 0xd3, 0x27, 0xfd, 0x3e, 0x18, + 0x73, 0xfd, 0x0d, 0x12, 0xb9, 0x09, 0x69, 0xb2, 0xb5, 0xc0, 0xc4, 0x4f, 0x55, 0xab, 0xf5, 0xf9, + 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0x71, 0xac, 0x0f, 0xb9, 0xd8, 0x43, 0x1b, 0x9d, 0x28, 0x46, + 0x1b, 0x9d, 0x3c, 0xba, 0x36, 0x3a, 0x75, 0xac, 0xda, 0x08, 0x15, 0xa2, 0x8d, 0xfa, 0x12, 0xf4, + 0xc6, 0xf6, 0xef, 0xcc, 0x3e, 0xdb, 0xbf, 0x5e, 0xaa, 0xe8, 0xec, 0xa1, 0x55, 0x51, 0xbe, 0x96, + 0x79, 0xe8, 0x50, 0x5a, 0xe6, 0x33, 0x25, 0x38, 0xab, 0xe5, 0x30, 0x9d, 0xfd, 0xee, 0x3a, 0x95, + 0x44, 0xec, 0x02, 0x2a, 0x7e, 0x6e, 0x63, 0x24, 0x47, 0xe9, 0x3c, 0x2b, 0x05, 0xc1, 0x06, 0x16, + 0xcb, 0x31, 0x22, 0x11, 0x2b, 0xb7, 0x9b, 0x15, 0xd2, 0x33, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xbf, + 0xe8, 0x6f, 0x91, 0xb7, 0x99, 0x2d, 0x2a, 0x37, 0xa3, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0x71, 0x26, + 0x4c, 0x40, 0x50, 0x41, 0x3d, 0x22, 0x6e, 0xa4, 0x95, 0x32, 0x41, 0x41, 0x65, 0x77, 0x58, 0x32, + 0x59, 0xa5, 0xbb, 0x3b, 0x2c, 0x04, 0x4a, 0x61, 0xd8, 0xff, 0xcb, 0x82, 0x47, 0x72, 0x87, 0xe2, + 0x1e, 0x28, 0xdf, 0xed, 0xb4, 0xf2, 0x5d, 0x29, 0x6a, 0xbb, 0x61, 0xbc, 0x45, 0x0f, 0x45, 0xfc, + 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0xf7, 0xe0, 0x55, 0xdd, 0xf4, 0xab, 0x16, 0xb7, 0xb3, 0xaa, 0x75, + 0xbd, 0xdb, 0xef, 0x94, 0x40, 0x15, 0x7a, 0x9c, 0x6e, 0xc8, 0x32, 0xba, 0xfb, 0x9c, 0x24, 0xee, + 0xc0, 0x20, 0x3b, 0x08, 0x8d, 0x8b, 0x09, 0xf2, 0x48, 0xf3, 0x67, 0x87, 0xaa, 0xfa, 0x90, 0x99, + 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x8a, 0x41, 0xbb, 0x31, 0x95, 0xe6, 0x4d, 0x91, 0x96, 0xa5, 0x8b, + 0x41, 0x8b, 0x76, 0xac, 0x30, 0xa8, 0x7a, 0x70, 0x1b, 0x81, 0x3f, 0xe3, 0x39, 0xb1, 0xbc, 0x75, + 0x51, 0xa9, 0x87, 0x79, 0x09, 0xc0, 0x1a, 0x87, 0x9d, 0x91, 0xba, 0x71, 0xe8, 0x39, 0x3b, 0xc6, + 0xfe, 0xd9, 0xa8, 0x4f, 0xa0, 0x40, 0xd8, 0xc4, 0xb3, 0xdb, 0x30, 0x9e, 0x7e, 0x89, 0x59, 0xb2, + 0xce, 0x02, 0x14, 0xfb, 0x1a, 0xce, 0x29, 0xa8, 0x39, 0xec, 0xa9, 0x85, 0x8e, 0x93, 0xbd, 0x2c, + 0x7d, 0x5a, 0x02, 0xb0, 0xc6, 0xb1, 0x7f, 0xd5, 0x82, 0xd3, 0x39, 0x83, 0x56, 0x60, 0xda, 0x5b, + 0xa2, 0xa5, 0x4d, 0x9e, 0x62, 0x7f, 0x27, 0x0c, 0x35, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, + 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, 0xff, 0xc3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x2c, 0x95, 0x84, + 0x0f, 0x93, 0x1b, 0x37, 0x82, 0x2d, 0x12, 0xed, 0xd0, 0x37, 0xb7, 0x32, 0xa9, 0x24, 0x5d, 0x18, + 0x38, 0xe7, 0x29, 0x56, 0xe6, 0xb5, 0xa9, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, + 0x31, 0xcd, 0xe3, 0x72, 0xc5, 0x12, 0x9b, 0xfc, 0xed, 0xef, 0x0c, 0x80, 0xca, 0x8b, 0x65, 0xf1, + 0x47, 0x05, 0x45, 0x6f, 0x1d, 0x34, 0x83, 0x48, 0x4d, 0x86, 0x81, 0xbd, 0x02, 0x02, 0xb8, 0x97, + 0xc4, 0x74, 0x5d, 0xaa, 0x37, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xd1, 0x9e, 0x78, 0xee, 0x16, 0xe1, + 0x0f, 0x0d, 0xa6, 0x7b, 0xb2, 0x20, 0x01, 0x58, 0xe3, 0xd0, 0x9e, 0x34, 0xdd, 0xf5, 0x75, 0xb1, + 0xe5, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0x57, 0xee, 0x0e, 0x36, 0x85, 0x15, 0x6c, 0x54, + 0xee, 0x0e, 0x36, 0x31, 0x83, 0x50, 0xbb, 0xcd, 0x0f, 0xa2, 0x36, 0xbb, 0xcc, 0xbe, 0xa9, 0xb8, + 0x08, 0xeb, 0x57, 0xd9, 0x6d, 0xd7, 0xba, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x86, 0x11, 0x69, + 0xba, 0x8d, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x85, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, + 0x42, 0xe6, 0x35, 0xcb, 0xaa, 0x35, 0xc3, 0xe9, 0x2a, 0x19, 0x38, 0x0d, 0xc6, 0x59, 0x7c, 0x2a, + 0xd5, 0xda, 0xa2, 0xb0, 0x15, 0x33, 0x96, 0x0d, 0xa9, 0x26, 0x0b, 0x5e, 0x61, 0x85, 0x61, 0x7f, + 0xb2, 0x4c, 0xb5, 0x70, 0x8f, 0x82, 0x6e, 0xf7, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x07, 0xfa, 0x98, + 0x91, 0xcf, 0xc1, 0xc8, 0xad, 0x38, 0xf0, 0x55, 0x24, 0x5e, 0xa5, 0x67, 0x24, 0x9e, 0x81, 0x95, + 0x1f, 0x89, 0x37, 0x58, 0x54, 0x24, 0xde, 0xd0, 0x21, 0x23, 0xf1, 0xbe, 0x55, 0x01, 0x75, 0x85, + 0xc8, 0x35, 0x92, 0xdc, 0x0e, 0xa2, 0x4d, 0xd7, 0x6f, 0xb1, 0x7c, 0xf0, 0xaf, 0x59, 0x30, 0xc2, + 0xd7, 0xcb, 0x82, 0x99, 0x49, 0xb5, 0x5e, 0xd0, 0xdd, 0x14, 0x29, 0x66, 0x93, 0xab, 0x06, 0xa3, + 0xcc, 0xa5, 0x9f, 0x26, 0x08, 0xa7, 0x7a, 0x84, 0x3e, 0x06, 0x20, 0xfd, 0xa3, 0xeb, 0x52, 0x64, + 0xce, 0x17, 0xd3, 0x3f, 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x8c, + 0xce, 0x32, 0xe3, 0x21, 0xfb, 0x1f, 0x39, 0x96, 0xb1, 0xe9, 0x27, 0xc7, 0x0c, 0xc3, 0x90, 0xeb, + 0xb7, 0xe8, 0x3c, 0x11, 0x11, 0x4b, 0xef, 0xc8, 0xab, 0xa5, 0xb0, 0x10, 0x38, 0xcd, 0xba, 0xe3, + 0x39, 0x7e, 0x83, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, 0xea, 0x9a, 0x35, 0x60, 0x49, 0xa8, 0xeb, 0xf2, + 0x95, 0x4a, 0x3f, 0x97, 0xaf, 0x9c, 0x7b, 0x3f, 0x9c, 0xea, 0xfa, 0x98, 0x07, 0x4a, 0x29, 0x3b, + 0x7c, 0x36, 0x9a, 0xfd, 0x2f, 0x07, 0xb5, 0xd2, 0xba, 0x16, 0x34, 0xf9, 0x15, 0x20, 0x91, 0xfe, + 0xa2, 0xc2, 0xc6, 0x2d, 0x70, 0x8a, 0x18, 0xd7, 0x65, 0xab, 0x46, 0x6c, 0xb2, 0xa4, 0x73, 0x34, + 0x74, 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0x5d, 0x56, 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa4, 0x72, 0x4a, + 0x2e, 0x1d, 0x3d, 0xa7, 0x84, 0x55, 0x99, 0xca, 0xab, 0xda, 0xff, 0x45, 0x0b, 0xc6, 0xfc, 0xd4, + 0xcc, 0x2d, 0x26, 0x8c, 0x34, 0x7f, 0x55, 0xf0, 0x1b, 0xa8, 0xd2, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, + 0xa5, 0x55, 0x0e, 0xa8, 0xd2, 0xf4, 0x5d, 0x42, 0x83, 0xbd, 0xee, 0x12, 0x42, 0xbe, 0xba, 0x4c, + 0x6d, 0xa8, 0xf0, 0xcb, 0xd4, 0x20, 0xe7, 0x22, 0xb5, 0x9b, 0x50, 0x6b, 0x44, 0xc4, 0x49, 0x0e, + 0x79, 0xaf, 0x16, 0x3b, 0xa0, 0x9f, 0x91, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xdf, 0x01, 0x38, 0x29, + 0x47, 0x44, 0x86, 0xa0, 0x53, 0xfd, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xe9, 0xc7, 0xcb, 0x12, 0x80, + 0x35, 0x0e, 0xb5, 0xc7, 0x3a, 0x31, 0x59, 0x0a, 0x89, 0xbf, 0xe0, 0xae, 0xc5, 0xe2, 0x9c, 0x53, + 0x2d, 0x94, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0x6a, 0x8c, 0x73, 0xbb, 0x38, 0xce, 0xa6, 0xaf, 0x08, + 0x7b, 0x1b, 0x4b, 0x38, 0xfa, 0x85, 0xdc, 0x0a, 0xb3, 0xc5, 0x24, 0x6e, 0x75, 0x45, 0xde, 0x1f, + 0xf0, 0x2a, 0xc6, 0xbf, 0x63, 0xc1, 0x59, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xd8, 0x74, 0x12, 0x12, + 0x17, 0x53, 0xf1, 0x3d, 0xa7, 0x7f, 0xda, 0xc9, 0x9b, 0xc7, 0x16, 0xe7, 0xf7, 0x06, 0xbd, 0x61, + 0xc1, 0x89, 0xcd, 0x54, 0xcd, 0x0f, 0xa9, 0x3a, 0x8e, 0x9a, 0x8e, 0x9f, 0x22, 0xaa, 0x97, 0x5a, + 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0x9f, 0x59, 0x60, 0x8a, 0xd1, 0x7b, 0x5f, 0x2a, 0xe4, 0xe0, + 0xa6, 0xa0, 0xb4, 0x2e, 0x2b, 0x3d, 0xad, 0xcb, 0xc7, 0xa0, 0xdc, 0x71, 0x9b, 0x62, 0x7f, 0xa1, + 0x4f, 0x5f, 0xe7, 0x67, 0x31, 0x6d, 0xb7, 0xff, 0x59, 0x45, 0xfb, 0x2d, 0x44, 0x5e, 0xd4, 0xf7, + 0xc5, 0x6b, 0xaf, 0xab, 0x62, 0x63, 0xfc, 0xcd, 0xaf, 0x75, 0x15, 0x1b, 0xfb, 0xd1, 0x83, 0xa7, + 0xbd, 0xf1, 0x01, 0xea, 0x55, 0x6b, 0x6c, 0x68, 0x9f, 0x9c, 0xb7, 0x5b, 0x50, 0xa5, 0x5b, 0x30, + 0xe6, 0x80, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee, 0x4e, 0xbc, 0xf7, 0xe0, 0xdd, + 0x92, 0x4f, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa3, 0xbf, 0x59, 0x7a, 0x9e, 0xd8, 0xdc, 0x5d, 0x57, + 0x32, 0x53, 0x02, 0x0a, 0xc9, 0xfd, 0xd3, 0x7c, 0x90, 0x0f, 0x35, 0x76, 0x6b, 0x2d, 0x63, 0xca, + 0xf7, 0x80, 0xcb, 0x2a, 0x49, 0x4e, 0x02, 0xee, 0xee, 0x4e, 0xbc, 0x78, 0x70, 0xa6, 0xea, 0x71, + 0xac, 0x59, 0xd8, 0x5f, 0x1a, 0xd0, 0x73, 0x57, 0xd4, 0x98, 0xfb, 0xbe, 0x98, 0xbb, 0x2f, 0x64, + 0xe6, 0xee, 0xf9, 0xae, 0xb9, 0x3b, 0xa6, 0x6f, 0x57, 0x4d, 0xcd, 0xc6, 0x7b, 0x6d, 0x08, 0xec, + 0xef, 0x6f, 0x60, 0x16, 0xd0, 0x6b, 0x1d, 0x37, 0x22, 0xf1, 0x72, 0xd4, 0xf1, 0x5d, 0xbf, 0xc5, + 0xa6, 0x63, 0xd5, 0xb4, 0x80, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x9b, 0x7a, 0xfa, 0xcd, 0x6f, 0x3a, + 0x5b, 0x7c, 0x56, 0x19, 0x65, 0xb7, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x37, 0xd8, 0x59, 0xb6, + 0x91, 0x17, 0x4c, 0xe7, 0x84, 0xc7, 0xae, 0x09, 0xe6, 0x35, 0xbb, 0xd4, 0x9c, 0xe0, 0x77, 0x03, + 0x73, 0x18, 0xba, 0x0d, 0x43, 0x6b, 0xfc, 0x9e, 0xbc, 0x62, 0xea, 0x98, 0x8b, 0x4b, 0xf7, 0xd8, + 0x6d, 0x28, 0xf2, 0x06, 0xbe, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xaf, 0xc0, 0x89, 0xcc, + 0x45, 0xb2, 0xa9, 0x6a, 0xa9, 0xa5, 0x7d, 0xab, 0xa5, 0x7e, 0x18, 0xa0, 0x49, 0x42, 0x2f, 0xd8, + 0x61, 0xe6, 0xd8, 0xc0, 0x81, 0xcd, 0x31, 0x65, 0xc1, 0xcf, 0x2a, 0x2a, 0xd8, 0xa0, 0x28, 0x0a, + 0x95, 0xf1, 0xe2, 0xab, 0x99, 0x42, 0x65, 0xc6, 0x6d, 0x07, 0x83, 0xf7, 0xf6, 0xb6, 0x03, 0x17, + 0x4e, 0xf0, 0x2e, 0xaa, 0xec, 0xdb, 0x43, 0x24, 0xd9, 0xb2, 0xfc, 0x85, 0xd9, 0x34, 0x19, 0x9c, + 0xa5, 0x7b, 0x3f, 0xef, 0x89, 0x46, 0xef, 0x82, 0x9a, 0xfc, 0xce, 0xf1, 0x78, 0x4d, 0x57, 0x30, + 0x90, 0xd3, 0x80, 0xdd, 0xdf, 0x2c, 0x7e, 0x76, 0x15, 0x12, 0x80, 0xfb, 0x55, 0x48, 0xc0, 0xfe, + 0x42, 0x89, 0xda, 0xf1, 0xbc, 0x5f, 0xaa, 0x26, 0xce, 0x93, 0x30, 0xe8, 0x74, 0x92, 0x8d, 0xa0, + 0xeb, 0xd6, 0xbf, 0x69, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc0, 0x40, 0x53, 0xd7, 0x39, 0x39, 0xc8, + 0xf7, 0xd4, 0x2e, 0x51, 0x27, 0x21, 0x98, 0x51, 0x41, 0x8f, 0xc2, 0x40, 0xe2, 0xb4, 0x64, 0xca, + 0x15, 0x4b, 0xb3, 0x5d, 0x75, 0x5a, 0x31, 0x66, 0xad, 0xa6, 0xfa, 0x1e, 0xd8, 0x47, 0x7d, 0xbf, + 0x08, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x11, 0xe3, 0x98, 0x4f, 0x47, 0x6e, 0x98, 0x40, + 0x9c, 0xc6, 0xb5, 0x7f, 0x73, 0x04, 0xce, 0xac, 0xcc, 0x2c, 0xca, 0xea, 0xdd, 0xc7, 0x96, 0x35, + 0x95, 0xc7, 0xe3, 0xde, 0x65, 0x4d, 0xf5, 0xe0, 0xee, 0x19, 0x59, 0x53, 0x9e, 0x91, 0x35, 0x95, + 0x4e, 0x61, 0x29, 0x17, 0x91, 0xc2, 0x92, 0xd7, 0x83, 0x7e, 0x52, 0x58, 0x8e, 0x2d, 0x8d, 0x6a, + 0xcf, 0x0e, 0x1d, 0x28, 0x8d, 0x4a, 0xe5, 0x98, 0x15, 0x92, 0x5c, 0xd0, 0xe3, 0x53, 0xe5, 0xe6, + 0x98, 0xa9, 0xfc, 0x1e, 0x9e, 0x38, 0x23, 0x44, 0xfd, 0x2b, 0xc5, 0x77, 0xa0, 0x8f, 0xfc, 0x1e, + 0x91, 0xbb, 0x63, 0xe6, 0x94, 0x0d, 0x15, 0x91, 0x53, 0x96, 0xd7, 0x9d, 0x7d, 0x73, 0xca, 0x5e, + 0x84, 0xd1, 0x86, 0x17, 0xf8, 0x64, 0x39, 0x0a, 0x92, 0xa0, 0x11, 0x78, 0xc2, 0xac, 0x57, 0x22, + 0x61, 0xc6, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xb4, 0xda, 0x51, 0x13, 0xd2, 0xe0, 0x3e, 0x25, + 0xa4, 0xfd, 0xac, 0x4e, 0x9d, 0x1e, 0x66, 0x5f, 0xe4, 0xc3, 0xc5, 0x7f, 0x91, 0x7e, 0xf2, 0xa7, + 0xd1, 0x9b, 0xfc, 0xda, 0x3d, 0x6a, 0x18, 0xcf, 0x04, 0x6d, 0x6a, 0xf8, 0x8d, 0xb0, 0x21, 0x79, + 0xf5, 0x18, 0x26, 0xec, 0xcd, 0x15, 0xcd, 0x46, 0x5d, 0xc5, 0xa7, 0x9b, 0x70, 0xba, 0x23, 0x47, + 0x49, 0xed, 0xfe, 0x4a, 0x09, 0x7e, 0x60, 0xdf, 0x2e, 0xa0, 0xdb, 0x00, 0x89, 0xd3, 0x12, 0x13, + 0x55, 0x1c, 0x98, 0x1c, 0x31, 0xbc, 0x72, 0x55, 0xd2, 0xe3, 0x35, 0x49, 0xd4, 0x5f, 0x76, 0x14, + 0x21, 0x7f, 0xb3, 0xa8, 0xca, 0xc0, 0xeb, 0x2a, 0xdd, 0x88, 0x03, 0x8f, 0x60, 0x06, 0xa1, 0xea, + 0x3f, 0x22, 0x2d, 0x7d, 0x4f, 0xb4, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0xcf, 0xc3, 0xb0, + 0xe3, 0x79, 0x3c, 0x3f, 0x86, 0xc4, 0xe2, 0xde, 0x1d, 0x5d, 0x43, 0x4e, 0x83, 0xb0, 0x89, 0x67, + 0xff, 0x69, 0x09, 0x26, 0xf6, 0x91, 0x29, 0x5d, 0x19, 0x7f, 0x95, 0xbe, 0x33, 0xfe, 0x44, 0x8e, + 0xc2, 0x60, 0x8f, 0x1c, 0x85, 0xe7, 0x61, 0x38, 0x21, 0x4e, 0x5b, 0x04, 0x64, 0x09, 0x4f, 0x80, + 0x3e, 0x01, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0x29, 0x36, 0xe6, 0x34, 0x1a, 0x24, 0x8e, 0x65, 0x12, + 0x82, 0xf0, 0xa6, 0x16, 0x96, 0xe1, 0xc0, 0x9c, 0xd4, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0x3b, + 0xe0, 0xb5, 0x3e, 0x07, 0xfc, 0xeb, 0x25, 0x78, 0x6c, 0x4f, 0xed, 0xd6, 0x77, 0x7e, 0x48, 0x27, + 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8f, 0x49, 0x84, 0x19, 0x84, 0x8f, 0x52, 0x18, 0x1a, 0xf7, 0x70, + 0x17, 0x9d, 0xbc, 0xc4, 0x47, 0x29, 0xc5, 0x02, 0x67, 0x58, 0x1e, 0x76, 0x5a, 0xfe, 0x83, 0x12, + 0x3c, 0xd1, 0x87, 0x0d, 0x50, 0x60, 0x92, 0x57, 0x3a, 0xd5, 0xae, 0x7c, 0x9f, 0x32, 0x22, 0x0f, + 0x39, 0x5c, 0xdf, 0x28, 0xc1, 0xb9, 0xde, 0xaa, 0x18, 0xfd, 0x18, 0x9c, 0x88, 0x54, 0x14, 0x96, + 0x99, 0xa5, 0x77, 0x9a, 0x7b, 0x12, 0x52, 0x20, 0x9c, 0xc5, 0x45, 0x93, 0x00, 0xa1, 0x93, 0x6c, + 0xc4, 0x17, 0xb7, 0xdd, 0x38, 0x11, 0x55, 0x68, 0xc6, 0xf8, 0xd9, 0x95, 0x6c, 0xc5, 0x06, 0x06, + 0x65, 0xc7, 0xfe, 0xcd, 0x06, 0xd7, 0x82, 0x84, 0x3f, 0xc4, 0xb7, 0x11, 0xa7, 0xe5, 0x9d, 0x1d, + 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x3a, 0xca, 0x3b, 0xca, 0xf7, 0x17, 0x8c, 0xdd, 0x82, + 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xff, 0xb0, 0xb2, 0x7f, 0xfe, 0xa1, 0xfd, 0x4f, 0x4b, 0xf0, 0x48, + 0x4f, 0x53, 0xae, 0xbf, 0x05, 0xf8, 0xe0, 0xe5, 0x0c, 0x1e, 0x6e, 0xee, 0x1c, 0x30, 0xb7, 0xed, + 0x8f, 0x7b, 0xcc, 0x34, 0x91, 0xdb, 0x76, 0xf8, 0xe4, 0xf0, 0x07, 0x6f, 0x3c, 0xbb, 0xd2, 0xd9, + 0x06, 0x0e, 0x90, 0xce, 0x96, 0xf9, 0x18, 0x95, 0x3e, 0x17, 0xf2, 0x9f, 0x97, 0x7b, 0x0e, 0x2f, + 0xdd, 0xfa, 0xf5, 0xe5, 0xa7, 0x9d, 0x85, 0x93, 0xae, 0xcf, 0xee, 0x6f, 0x5a, 0xe9, 0xac, 0x89, + 0xc2, 0x24, 0xa5, 0xf4, 0x2d, 0xeb, 0xf3, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x01, 0x4c, 0x2f, 0x3c, + 0xdc, 0x90, 0x1e, 0x2c, 0xc1, 0x15, 0x2d, 0xc1, 0x59, 0x39, 0x14, 0x1b, 0x4e, 0x44, 0x9a, 0x42, + 0x8d, 0xc4, 0x22, 0xa1, 0xe2, 0x11, 0x9e, 0x94, 0x91, 0x83, 0x80, 0xf3, 0x9f, 0x63, 0x57, 0xe6, + 0x04, 0xa1, 0xdb, 0x10, 0x9b, 0x1c, 0x7d, 0x65, 0x0e, 0x6d, 0xc4, 0x1c, 0x66, 0x7f, 0x18, 0x6a, + 0xea, 0xfd, 0x79, 0x58, 0xb7, 0x9a, 0x74, 0x5d, 0x61, 0xdd, 0x6a, 0xc6, 0x19, 0x58, 0xf4, 0x6b, + 0x51, 0x93, 0x38, 0xb3, 0x7a, 0xae, 0x92, 0x1d, 0x66, 0x1f, 0xdb, 0xef, 0x86, 0x11, 0xe5, 0x67, + 0xe9, 0xf7, 0x22, 0x21, 0xfb, 0x4b, 0x83, 0x30, 0x9a, 0x2a, 0x0e, 0x98, 0x72, 0xb0, 0x5a, 0xfb, + 0x3a, 0x58, 0x59, 0x98, 0x7e, 0xc7, 0x97, 0xb7, 0x8c, 0x19, 0x61, 0xfa, 0x1d, 0x9f, 0x60, 0x0e, + 0xa3, 0xe6, 0x6d, 0x33, 0xda, 0xc1, 0x1d, 0x5f, 0x84, 0xd3, 0x2a, 0xf3, 0x76, 0x96, 0xb5, 0x62, + 0x01, 0x45, 0x9f, 0xb0, 0x60, 0x24, 0x66, 0xde, 0x7b, 0xee, 0x9e, 0x16, 0x93, 0xee, 0xca, 0xd1, + 0x6b, 0x1f, 0xaa, 0x42, 0x98, 0x2c, 0x42, 0xc6, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0xd3, 0x16, 0xd4, + 0xd4, 0x65, 0x28, 0xe2, 0xca, 0xc0, 0x95, 0x62, 0x6b, 0x2f, 0x72, 0xbf, 0xa6, 0x3a, 0x08, 0x51, + 0x45, 0xf0, 0xb0, 0x66, 0x8c, 0x62, 0xe5, 0x3b, 0x1e, 0x3a, 0x1e, 0xdf, 0x31, 0xe4, 0xf8, 0x8d, + 0xdf, 0x05, 0xb5, 0xb6, 0xe3, 0xbb, 0xeb, 0x24, 0x4e, 0xb8, 0x3b, 0x57, 0x96, 0x84, 0x95, 0x8d, + 0x58, 0xc3, 0xa9, 0x42, 0x8e, 0xd9, 0x8b, 0x25, 0x86, 0xff, 0x95, 0x29, 0xe4, 0x15, 0xdd, 0x8c, + 0x4d, 0x1c, 0xd3, 0x59, 0x0c, 0xf7, 0xd5, 0x59, 0x3c, 0xbc, 0xb7, 0xb3, 0xd8, 0xfe, 0x47, 0x16, + 0x9c, 0xcd, 0xfd, 0x6a, 0x0f, 0x6e, 0xe0, 0xa3, 0xfd, 0xe5, 0x0a, 0x9c, 0xce, 0xa9, 0xf2, 0x89, + 0x76, 0xcc, 0xf9, 0x6c, 0x15, 0x11, 0x43, 0x90, 0x3e, 0x12, 0x97, 0xc3, 0x98, 0x33, 0x89, 0x0f, + 0x76, 0x54, 0xa3, 0x8f, 0x4b, 0xca, 0xf7, 0xf6, 0xb8, 0xc4, 0x98, 0x96, 0x03, 0xf7, 0x75, 0x5a, + 0x56, 0xf6, 0x39, 0xc3, 0xf8, 0x35, 0x0b, 0xc6, 0xdb, 0x3d, 0x4a, 0xcb, 0x0b, 0xc7, 0xe3, 0x8d, + 0xe3, 0x29, 0x5c, 0x5f, 0x7f, 0xf4, 0xce, 0xee, 0x44, 0xcf, 0x8a, 0xfe, 0xb8, 0x67, 0xaf, 0xec, + 0xef, 0x94, 0x81, 0x95, 0x98, 0x65, 0x95, 0xdc, 0x76, 0xd0, 0xc7, 0xcd, 0x62, 0xc1, 0x56, 0x51, + 0x85, 0x6d, 0x39, 0x71, 0x55, 0x6c, 0x98, 0x8f, 0x60, 0x5e, 0xed, 0xe1, 0xac, 0xd0, 0x2a, 0xf5, + 0x21, 0xb4, 0x3c, 0x59, 0x95, 0xb9, 0x5c, 0x7c, 0x55, 0xe6, 0x5a, 0xb6, 0x22, 0xf3, 0xde, 0x9f, + 0x78, 0xe0, 0x81, 0xfc, 0xc4, 0xbf, 0x68, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0xda, 0x32, 0xb0, 0xf6, + 0xb0, 0x0c, 0x9e, 0x86, 0x6a, 0x4c, 0xbc, 0xf5, 0xcb, 0xc4, 0xf1, 0x84, 0x05, 0xa1, 0xcf, 0xaf, + 0x45, 0x3b, 0x56, 0x18, 0xec, 0xda, 0x56, 0xcf, 0x0b, 0x6e, 0x5f, 0x6c, 0x87, 0xc9, 0x8e, 0xb0, + 0x25, 0xf4, 0xb5, 0xad, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x6f, 0x97, 0xf8, 0x0c, 0x14, 0x41, 0x10, + 0x2f, 0x64, 0x2e, 0xda, 0xeb, 0x3f, 0x7e, 0xe0, 0xa3, 0x00, 0x0d, 0x75, 0x95, 0xbd, 0x38, 0x13, + 0xba, 0x7c, 0xe4, 0x7b, 0xb6, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, + 0xbc, 0xaf, 0x2c, 0x4d, 0x89, 0x95, 0x81, 0x7d, 0xb4, 0xdd, 0x9f, 0x5a, 0x90, 0xb2, 0x88, 0x50, + 0x08, 0x15, 0xda, 0xdd, 0x9d, 0x62, 0x6e, 0xe9, 0x37, 0x49, 0x53, 0xd1, 0x28, 0xa6, 0x3d, 0xfb, + 0x89, 0x39, 0x23, 0xe4, 0x89, 0x58, 0x09, 0x3e, 0xaa, 0xd7, 0x8a, 0x63, 0x78, 0x39, 0x08, 0x36, + 0xf9, 0xc1, 0xa6, 0x8e, 0xbb, 0xb0, 0x5f, 0x80, 0x53, 0x5d, 0x9d, 0x62, 0x77, 0x6a, 0x05, 0x54, + 0xfb, 0x64, 0xa6, 0x2b, 0x4b, 0xe0, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, 0x93, 0x59, 0xf2, 0xe8, + 0x4d, 0x0b, 0x4e, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0xde, 0xb1, 0x0b, 0x84, 0xbb, 0x3b, + 0x61, 0xff, 0x3f, 0x31, 0xf9, 0x6f, 0xba, 0x7e, 0x33, 0xb8, 0xad, 0x0c, 0x13, 0xab, 0xa7, 0x61, + 0x42, 0xd7, 0x63, 0x63, 0x83, 0x34, 0x3b, 0x5e, 0x57, 0xe6, 0xe8, 0x8a, 0x68, 0xc7, 0x0a, 0x83, + 0x25, 0xca, 0x75, 0x44, 0xd9, 0xf6, 0xcc, 0xa4, 0x9c, 0x15, 0xed, 0x58, 0x61, 0xa0, 0xe7, 0x60, + 0xc4, 0x78, 0x49, 0x39, 0x2f, 0x99, 0x41, 0x6e, 0xa8, 0xcc, 0x18, 0xa7, 0xb0, 0xd0, 0x24, 0x80, + 0x32, 0x72, 0xa4, 0x8a, 0x64, 0x8e, 0x22, 0x25, 0x89, 0x62, 0x6c, 0x60, 0xb0, 0xb4, 0x54, 0xaf, + 0x13, 0x33, 0x1f, 0xff, 0xa0, 0x2e, 0x25, 0x3a, 0x23, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x76, + 0xfc, 0x8e, 0xe3, 0xd1, 0x11, 0x12, 0x5b, 0x3f, 0xb5, 0x0c, 0x17, 0x15, 0x04, 0x1b, 0x58, 0xf4, + 0x8d, 0x13, 0xb7, 0x4d, 0x5e, 0x0e, 0x7c, 0x19, 0xa7, 0xa6, 0x8f, 0x7d, 0x44, 0x3b, 0x56, 0x18, + 0xf6, 0x7f, 0xb3, 0xe0, 0x84, 0x4e, 0x72, 0xe7, 0xb7, 0x67, 0x9b, 0x3b, 0x55, 0x6b, 0xdf, 0x9d, + 0x6a, 0x3a, 0xfb, 0xb7, 0xd4, 0x57, 0xf6, 0xaf, 0x99, 0x98, 0x5b, 0xde, 0x33, 0x31, 0xf7, 0x87, + 0xf4, 0xcd, 0xac, 0x3c, 0x83, 0x77, 0x38, 0xef, 0x56, 0x56, 0x64, 0xc3, 0x60, 0xc3, 0x51, 0x15, + 0x5e, 0x46, 0xf8, 0xde, 0x61, 0x66, 0x9a, 0x21, 0x09, 0x88, 0xbd, 0x04, 0x35, 0x75, 0xfa, 0x21, + 0x37, 0xaa, 0x56, 0xfe, 0x46, 0xb5, 0xaf, 0x04, 0xc1, 0xfa, 0xda, 0x37, 0xbf, 0xfb, 0xf8, 0xdb, + 0x7e, 0xef, 0xbb, 0x8f, 0xbf, 0xed, 0x8f, 0xbe, 0xfb, 0xf8, 0xdb, 0x3e, 0x71, 0xe7, 0x71, 0xeb, + 0x9b, 0x77, 0x1e, 0xb7, 0x7e, 0xef, 0xce, 0xe3, 0xd6, 0x1f, 0xdd, 0x79, 0xdc, 0xfa, 0xce, 0x9d, + 0xc7, 0xad, 0x2f, 0xfe, 0xe7, 0xc7, 0xdf, 0xf6, 0x72, 0x6e, 0xa0, 0x22, 0xfd, 0xf1, 0x4c, 0xa3, + 0x39, 0xb5, 0x75, 0x81, 0xc5, 0xca, 0xd1, 0xe5, 0x35, 0x65, 0xcc, 0xa9, 0x29, 0xb9, 0xbc, 0xfe, + 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x18, 0x73, 0x0d, 0xd5, 0xe1, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -6625,20 +6594,6 @@ func (m *ApplicationSetStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - } if len(m.ApplicationStatus) > 0 { for iNdEx := len(m.ApplicationStatus) - 1; iNdEx >= 0; iNdEx-- { { @@ -7000,43 +6955,6 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int return len(dAtA) - i, nil } -func (m *ApplicationSetTree) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTree) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTree) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Nodes) > 0 { - for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - func (m *ApplicationSource) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -15041,12 +14959,6 @@ func (m *ApplicationSetStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if len(m.Resources) > 0 { - for _, e := range m.Resources { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } return n } @@ -15168,21 +15080,6 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { return n } -func (m *ApplicationSetTree) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.Nodes) > 0 { - for _, e := range m.Nodes { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - func (m *ApplicationSource) Size() (n int) { if m == nil { return 0 @@ -18361,15 +18258,9 @@ func (this *ApplicationSetStatus) String() string { repeatedStringForApplicationStatus += strings.Replace(strings.Replace(f.String(), "ApplicationSetApplicationStatus", "ApplicationSetApplicationStatus", 1), `&`, ``, 1) + "," } repeatedStringForApplicationStatus += "}" - repeatedStringForResources := "[]ResourceStatus{" - for _, f := range this.Resources { - repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "ResourceStatus", "ResourceStatus", 1), `&`, ``, 1) + "," - } - repeatedStringForResources += "}" s := strings.Join([]string{`&ApplicationSetStatus{`, `Conditions:` + repeatedStringForConditions + `,`, `ApplicationStatus:` + repeatedStringForApplicationStatus + `,`, - `Resources:` + repeatedStringForResources + `,`, `}`, }, "") return s @@ -18458,21 +18349,6 @@ func (this *ApplicationSetTerminalGenerator) String() string { }, "") return s } -func (this *ApplicationSetTree) String() string { - if this == nil { - return "nil" - } - repeatedStringForNodes := "[]ResourceNode{" - for _, f := range this.Nodes { - repeatedStringForNodes += strings.Replace(strings.Replace(f.String(), "ResourceNode", "ResourceNode", 1), `&`, ``, 1) + "," - } - repeatedStringForNodes += "}" - s := strings.Join([]string{`&ApplicationSetTree{`, - `Nodes:` + repeatedStringForNodes + `,`, - `}`, - }, "") - return s -} func (this *ApplicationSource) String() string { if this == nil { return "nil" @@ -24827,40 +24703,6 @@ func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resources = append(m.Resources, ResourceStatus{}) - if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -25957,90 +25799,6 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTree) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTree: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTree: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Nodes = append(m.Nodes, ResourceNode{}) - if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *ApplicationSource) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index f81fe77229a93..bde433c406540 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -330,9 +330,6 @@ message ApplicationSetStatus { repeated ApplicationSetCondition conditions = 1; repeated ApplicationSetApplicationStatus applicationStatus = 2; - - // Resources is a list of Applications resources managed by this application set. - repeated ResourceStatus resources = 3; } // ApplicationSetStrategy configures how generated Applications are updated in sequence. @@ -398,13 +395,6 @@ message ApplicationSetTerminalGenerator { optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -message ApplicationSetTree { - // Nodes contains list of nodes which are directly managed by the applicationset - repeated ResourceNode nodes = 1; -} - // ApplicationSource contains all required information about the source of an application message ApplicationSource { // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index bf72c3819aedb..c5a41de677314 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -41,7 +41,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplate(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplateMeta": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplateMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTerminalGenerator": schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref), - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTree": schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource": schema_pkg_apis_application_v1alpha1_ApplicationSource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceDirectory": schema_pkg_apis_application_v1alpha1_ApplicationSourceDirectory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceHelm": schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref), @@ -1339,25 +1338,11 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetStatus(ref common.Refere }, }, }, - "resources": { - SchemaProps: spec.SchemaProps{ - Description: "Resources is a list of Applications resources managed by this application set.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"), - }, - }, - }, - }, - }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition"}, } } @@ -1567,35 +1552,6 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co } } -func schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ApplicationSetTree holds nodes which belongs to the application Used to build a tree of an ApplicationSet and its children", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nodes": { - SchemaProps: spec.SchemaProps{ - Description: "Nodes contains list of nodes which are directly managed by the applicationset", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"}, - } -} - func schema_pkg_apis_application_v1alpha1_ApplicationSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index eb120b79bd4a5..1ea2277e30599 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -1694,7 +1694,7 @@ type ResourceStatus struct { SyncWave int64 `json:"syncWave,omitempty" protobuf:"bytes,10,opt,name=syncWave"` } -// GroupVersionKind returns the GVK schema type for given resource status +// GroupKindVersion returns the GVK schema type for given resource status func (r *ResourceStatus) GroupVersionKind() schema.GroupVersionKind { return schema.GroupVersionKind{Group: r.Group, Version: r.Version, Kind: r.Kind} } @@ -2090,12 +2090,6 @@ func isValidResource(resource string) bool { return validResources[resource] } -func isValidObject(proj string, object string) bool { - // match against [/]/ - objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s(/[*\w-.]+)?/[*\w-.]+$`, regexp.QuoteMeta(proj))) - return objectRegexp.MatchString(object) && err == nil -} - func validatePolicy(proj string, role string, policy string) error { policyComponents := strings.Split(policy, ",") if len(policyComponents) != 6 || strings.Trim(policyComponents[0], " ") != "p" { @@ -2119,8 +2113,9 @@ func validatePolicy(proj string, role string, policy string) error { } // object object := strings.Trim(policyComponents[4], " ") - if !isValidObject(proj, object) { - return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*', '%s[/]/' or '%s/', not '%s'", policy, proj, proj, proj, object) + objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s/[*\w-.]+$`, regexp.QuoteMeta(proj))) + if err != nil || !objectRegexp.MatchString(object) { + return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*' or '%s/', not '%s'", policy, proj, proj, object) } // effect effect := strings.Trim(policyComponents[5], " ") diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 5d34e1dcf739c..817003b06a0ea 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -3085,69 +3085,6 @@ func TestOrphanedResourcesMonitorSettings_IsWarn(t *testing.T) { assert.True(t, settings.IsWarn()) } -func Test_isValidPolicy(t *testing.T) { - policyTests := []struct { - name string - policy string - isValid bool - }{ - { - name: "policy with full wildcard", - policy: "some-project/*", - isValid: true, - }, - { - name: "policy with specified project and application", - policy: "some-project/some-application", - isValid: true, - }, - { - name: "policy with full wildcard namespace and application", - policy: "some-project/*/*", - isValid: true, - }, - { - name: "policy with wildcard namespace and specified application", - policy: "some-project/*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard application", - policy: "some-project/some-namespace/*", - isValid: true, - }, - { - name: "policy with wildcard prefix namespace and specified application", - policy: "some-project/some-name*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard prefixed application", - policy: "some-project/some-namespace/some-app*", - isValid: true, - }, - { - name: "policy with valid namespace and application", - policy: "some-project/some-namespace/some-application", - isValid: true, - }, - { - name: "policy with invalid namespace character", - policy: "some-project/some~namespace/some-application", - isValid: false, - }, - { - name: "policy with invalid application character", - policy: "some-project/some-namespace/some^application", - isValid: false, - }, - } - - for _, policyTest := range policyTests { - assert.Equal(t, policyTest.isValid, isValidObject("some-project", policyTest.policy), policyTest.name) - } -} - func Test_validatePolicy_projIsNotRegex(t *testing.T) { // Make sure the "." in "some.project" isn't treated as the regex wildcard. err := validatePolicy("some.project", "org-admin", "p, proj:some.project:org-admin, applications, *, some-project/*, allow") diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 9ecec3f0b8793..d61af65785b95 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -768,13 +768,6 @@ func (in *ApplicationSetStatus) DeepCopyInto(out *ApplicationSetStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } @@ -961,29 +954,6 @@ func (in ApplicationSetTerminalGenerators) DeepCopy() ApplicationSetTerminalGene return *out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ApplicationSetTree) DeepCopyInto(out *ApplicationSetTree) { - *out = *in - if in.Nodes != nil { - in, out := &in.Nodes, &out.Nodes - *out = make([]ResourceNode, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSetTree. -func (in *ApplicationSetTree) DeepCopy() *ApplicationSetTree { - if in == nil { - return nil - } - out := new(ApplicationSetTree) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSource) DeepCopyInto(out *ApplicationSource) { *out = *in diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 41f8cef73eaa7..417dc758ef5bd 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -4,9 +4,6 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - "math" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -22,9 +19,9 @@ import ( //go:generate go run github.com/vektra/mockery/v2@v2.15.0 --name=RepoServerServiceClient -var ( +const ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = 100 * 1024 * 1024 ) // TLSConfiguration describes parameters for TLS configuration to be used by a repo server API client diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 707e1e95d9220..19ddddf2111dc 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -2310,6 +2310,7 @@ func (m *UpdateRevisionForPathsRequest) GetPaths() []string { } type UpdateRevisionForPathsResponse struct { + Changes bool `protobuf:"varint,1,opt,name=changes,proto3" json:"changes,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2348,6 +2349,13 @@ func (m *UpdateRevisionForPathsResponse) XXX_DiscardUnknown() { var xxx_messageInfo_UpdateRevisionForPathsResponse proto.InternalMessageInfo +func (m *UpdateRevisionForPathsResponse) GetChanges() bool { + if m != nil { + return m.Changes + } + return false +} + func init() { proto.RegisterType((*ManifestRequest)(nil), "repository.ManifestRequest") proto.RegisterMapType((map[string]bool)(nil), "repository.ManifestRequest.EnabledSourceTypesEntry") @@ -2398,150 +2406,151 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2285 bytes of a gzipped FileDescriptorProto + // 2298 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5f, 0x73, 0x1b, 0x49, - 0x11, 0xf7, 0x4a, 0xb2, 0x2c, 0xb5, 0x1d, 0x5b, 0x9e, 0x24, 0xce, 0x46, 0x97, 0xb8, 0x7c, 0x0b, - 0x49, 0xe5, 0x92, 0x3b, 0xa9, 0xe2, 0xd4, 0x5d, 0x20, 0x77, 0x1c, 0xe5, 0xcb, 0x25, 0x76, 0x2e, - 0x71, 0x62, 0x36, 0x39, 0xa8, 0x40, 0x80, 0x1a, 0xad, 0x46, 0xd2, 0x9e, 0x56, 0xbb, 0x93, 0xdd, - 0x59, 0x1f, 0x4a, 0x15, 0x4f, 0x50, 0x7c, 0x04, 0x1e, 0x78, 0xe5, 0x0b, 0x50, 0x45, 0x51, 0x3c, - 0xf2, 0x40, 0xf1, 0xe7, 0x91, 0xe2, 0x0b, 0x40, 0xe5, 0x85, 0x2a, 0x3e, 0x05, 0x35, 0x7f, 0xf6, - 0xaf, 0x56, 0x8a, 0x0f, 0x39, 0x3e, 0xb8, 0x17, 0x7b, 0xa7, 0x67, 0xa6, 0xbb, 0xa7, 0xa7, 0xbb, - 0xe7, 0xd7, 0x33, 0x82, 0xcb, 0x3e, 0xa1, 0x5e, 0x40, 0xfc, 0x43, 0xe2, 0xb7, 0xc5, 0xa7, 0xcd, - 0x3c, 0x7f, 0x9c, 0xfa, 0x6c, 0x51, 0xdf, 0x63, 0x1e, 0x82, 0x84, 0xd2, 0x7c, 0xd0, 0xb7, 0xd9, - 0x20, 0xec, 0xb4, 0x2c, 0x6f, 0xd4, 0xc6, 0x7e, 0xdf, 0xa3, 0xbe, 0xf7, 0x99, 0xf8, 0x78, 0xc7, - 0xea, 0xb6, 0x0f, 0xb7, 0xdb, 0x74, 0xd8, 0x6f, 0x63, 0x6a, 0x07, 0x6d, 0x4c, 0xa9, 0x63, 0x5b, - 0x98, 0xd9, 0x9e, 0xdb, 0x3e, 0xbc, 0x8e, 0x1d, 0x3a, 0xc0, 0xd7, 0xdb, 0x7d, 0xe2, 0x12, 0x1f, - 0x33, 0xd2, 0x95, 0x9c, 0x9b, 0x6f, 0xf4, 0x3d, 0xaf, 0xef, 0x90, 0xb6, 0x68, 0x75, 0xc2, 0x5e, - 0x9b, 0x8c, 0x28, 0x53, 0x62, 0x8d, 0x7f, 0xaf, 0xc0, 0xda, 0x3e, 0x76, 0xed, 0x1e, 0x09, 0x98, - 0x49, 0x9e, 0x87, 0x24, 0x60, 0xe8, 0x19, 0x54, 0xb8, 0x32, 0xba, 0xb6, 0xa5, 0x5d, 0x59, 0xde, - 0xde, 0x6b, 0x25, 0xda, 0xb4, 0x22, 0x6d, 0xc4, 0xc7, 0x8f, 0xad, 0x6e, 0xeb, 0x70, 0xbb, 0x45, - 0x87, 0xfd, 0x16, 0xd7, 0xa6, 0x95, 0xd2, 0xa6, 0x15, 0x69, 0xd3, 0x32, 0xe3, 0x65, 0x99, 0x82, - 0x2b, 0x6a, 0x42, 0xcd, 0x27, 0x87, 0x76, 0x60, 0x7b, 0xae, 0x5e, 0xda, 0xd2, 0xae, 0xd4, 0xcd, - 0xb8, 0x8d, 0x74, 0x58, 0x72, 0xbd, 0xdb, 0xd8, 0x1a, 0x10, 0xbd, 0xbc, 0xa5, 0x5d, 0xa9, 0x99, - 0x51, 0x13, 0x6d, 0xc1, 0x32, 0xa6, 0xf4, 0x01, 0xee, 0x10, 0xe7, 0x3e, 0x19, 0xeb, 0x15, 0x31, - 0x31, 0x4d, 0xe2, 0x73, 0x31, 0xa5, 0x0f, 0xf1, 0x88, 0xe8, 0x8b, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, - 0x50, 0x77, 0xf1, 0x88, 0x04, 0x14, 0x5b, 0x44, 0xaf, 0x89, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, - 0x29, 0xc5, 0x1f, 0x7b, 0xa1, 0x6f, 0x11, 0x1d, 0xc4, 0xd2, 0x1f, 0xcd, 0xb7, 0xf4, 0x9d, 0x3c, - 0x5b, 0x73, 0x52, 0x12, 0xfa, 0x11, 0x2c, 0x8a, 0x9d, 0xd7, 0x97, 0xb7, 0xca, 0xc7, 0x6a, 0x6d, - 0xc9, 0x16, 0xb9, 0xb0, 0x44, 0x9d, 0xb0, 0x6f, 0xbb, 0x81, 0xbe, 0x22, 0x24, 0x3c, 0x99, 0x4f, - 0xc2, 0x6d, 0xcf, 0xed, 0xd9, 0xfd, 0x7d, 0xec, 0xe2, 0x3e, 0x19, 0x11, 0x97, 0x1d, 0x08, 0xe6, - 0x66, 0x24, 0x04, 0xbd, 0x80, 0xc6, 0x30, 0x0c, 0x98, 0x37, 0xb2, 0x5f, 0x90, 0x47, 0x94, 0xcf, - 0x0d, 0xf4, 0x53, 0xc2, 0x9a, 0x0f, 0xe7, 0x13, 0x7c, 0x3f, 0xc7, 0xd5, 0x9c, 0x90, 0xc3, 0x9d, - 0x64, 0x18, 0x76, 0xc8, 0x77, 0x89, 0x2f, 0xbc, 0x6b, 0x55, 0x3a, 0x49, 0x8a, 0x24, 0xdd, 0xc8, - 0x56, 0xad, 0x40, 0x5f, 0xdb, 0x2a, 0x4b, 0x37, 0x8a, 0x49, 0xe8, 0x0a, 0xac, 0x1d, 0x12, 0xdf, - 0xee, 0x8d, 0x1f, 0xdb, 0x7d, 0x17, 0xb3, 0xd0, 0x27, 0x7a, 0x43, 0xb8, 0x62, 0x9e, 0x8c, 0x46, - 0x70, 0x6a, 0x40, 0x9c, 0x11, 0x37, 0xf9, 0x6d, 0x9f, 0x74, 0x03, 0x7d, 0x5d, 0xd8, 0x77, 0x77, - 0xfe, 0x1d, 0x14, 0xec, 0xcc, 0x2c, 0x77, 0xae, 0x98, 0xeb, 0x99, 0x2a, 0x52, 0x64, 0x8c, 0x20, - 0xa9, 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb1, 0x35, 0xb4, 0xdd, 0xfe, 0x3e, 0x61, 0x03, - 0xaf, 0xab, 0x9f, 0x16, 0x96, 0xc8, 0x51, 0x91, 0x05, 0x88, 0xb8, 0xb8, 0xe3, 0x90, 0xae, 0xf4, - 0xc5, 0x27, 0x63, 0x4a, 0x02, 0xfd, 0x8c, 0x58, 0xc5, 0x8d, 0x56, 0x2a, 0x43, 0xe5, 0x12, 0x44, - 0xeb, 0xce, 0xc4, 0xac, 0x3b, 0x2e, 0xf3, 0xc7, 0x66, 0x01, 0x3b, 0x34, 0x84, 0x65, 0xbe, 0x8e, - 0xc8, 0x15, 0xce, 0x0a, 0x57, 0xb8, 0x37, 0x9f, 0x8d, 0xf6, 0x12, 0x86, 0x66, 0x9a, 0x3b, 0x6a, - 0x01, 0x1a, 0xe0, 0x60, 0x3f, 0x74, 0x98, 0x4d, 0x1d, 0x22, 0xd5, 0x08, 0xf4, 0x0d, 0x61, 0xa6, - 0x82, 0x1e, 0x74, 0x1f, 0xc0, 0x27, 0xbd, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xb3, 0x56, 0x6e, - 0xc6, 0xa3, 0xe5, 0x8a, 0x53, 0xd3, 0xb9, 0x70, 0xbe, 0x0c, 0x62, 0x31, 0x15, 0xed, 0x22, 0xac, - 0x75, 0xe1, 0x62, 0x05, 0x3d, 0xdc, 0x17, 0x15, 0x55, 0x24, 0xad, 0xf3, 0xd2, 0x5b, 0x53, 0xa4, - 0xe6, 0x1d, 0x38, 0x37, 0xc5, 0xd4, 0xa8, 0x01, 0xe5, 0x21, 0x19, 0x8b, 0x14, 0x5d, 0x37, 0xf9, - 0x27, 0x3a, 0x03, 0x8b, 0x87, 0xd8, 0x09, 0x89, 0x48, 0xaa, 0x35, 0x53, 0x36, 0x6e, 0x95, 0xbe, - 0xa1, 0x35, 0x7f, 0xa1, 0xc1, 0x5a, 0x4e, 0xf1, 0x82, 0xf9, 0x3f, 0x4c, 0xcf, 0x3f, 0x06, 0x37, - 0xee, 0x3d, 0xc1, 0x7e, 0x9f, 0xb0, 0x94, 0x22, 0xc6, 0xdf, 0x35, 0xd0, 0x73, 0x16, 0xfd, 0x9e, - 0xcd, 0x06, 0x77, 0x6d, 0x87, 0x04, 0xe8, 0x26, 0x2c, 0xf9, 0x92, 0xa6, 0x0e, 0x9e, 0x37, 0x66, - 0x6c, 0xc4, 0xde, 0x82, 0x19, 0x8d, 0x46, 0x1f, 0x42, 0x6d, 0x44, 0x18, 0xee, 0x62, 0x86, 0x95, - 0xee, 0x5b, 0x45, 0x33, 0xb9, 0x94, 0x7d, 0x35, 0x6e, 0x6f, 0xc1, 0x8c, 0xe7, 0xa0, 0x77, 0x61, - 0xd1, 0x1a, 0x84, 0xee, 0x50, 0x1c, 0x39, 0xcb, 0xdb, 0x17, 0xa7, 0x4d, 0xbe, 0xcd, 0x07, 0xed, - 0x2d, 0x98, 0x72, 0xf4, 0x47, 0x55, 0xa8, 0x50, 0xec, 0x33, 0xe3, 0x2e, 0x9c, 0x29, 0x12, 0xc1, - 0xcf, 0x39, 0x6b, 0x40, 0xac, 0x61, 0x10, 0x8e, 0x94, 0x99, 0xe3, 0x36, 0x42, 0x50, 0x09, 0xec, - 0x17, 0xd2, 0xd4, 0x65, 0x53, 0x7c, 0x1b, 0x6f, 0xc1, 0xfa, 0x84, 0x34, 0xbe, 0xa9, 0x52, 0x37, - 0xce, 0x61, 0x45, 0x89, 0x36, 0x42, 0x38, 0xfb, 0x44, 0xd8, 0x22, 0x4e, 0xf6, 0x27, 0x71, 0x72, - 0x1b, 0x7b, 0xb0, 0x91, 0x17, 0x1b, 0x50, 0xcf, 0x0d, 0x08, 0x77, 0x7d, 0x91, 0x1d, 0x6d, 0xd2, - 0x4d, 0x7a, 0x85, 0x16, 0x35, 0xb3, 0xa0, 0xc7, 0xf8, 0x75, 0x09, 0x36, 0x4c, 0x12, 0x78, 0xce, - 0x21, 0x89, 0x52, 0xd7, 0xc9, 0x80, 0x8f, 0x1f, 0x40, 0x19, 0x53, 0xaa, 0xdc, 0xe4, 0xde, 0xb1, - 0x1d, 0xef, 0x26, 0xe7, 0x8a, 0xde, 0x86, 0x75, 0x3c, 0xea, 0xd8, 0xfd, 0xd0, 0x0b, 0x83, 0x68, - 0x59, 0xc2, 0xa9, 0xea, 0xe6, 0x64, 0x07, 0x0f, 0xff, 0x40, 0x44, 0xe4, 0x3d, 0xb7, 0x4b, 0x7e, - 0x22, 0x10, 0x4d, 0xd9, 0x4c, 0x93, 0x0c, 0x0b, 0xce, 0x4d, 0x18, 0x49, 0x19, 0x3c, 0x0d, 0xa2, - 0xb4, 0x1c, 0x88, 0x2a, 0x54, 0xa3, 0x34, 0x45, 0x0d, 0xe3, 0xcf, 0x1a, 0x34, 0x92, 0xe0, 0x52, - 0xec, 0x2f, 0x40, 0x7d, 0xa4, 0x68, 0x81, 0xae, 0x89, 0x0c, 0x96, 0x10, 0xb2, 0x78, 0xaa, 0x94, - 0xc7, 0x53, 0x1b, 0x50, 0x95, 0x70, 0x57, 0x2d, 0x5d, 0xb5, 0x32, 0x2a, 0x57, 0x72, 0x2a, 0x6f, - 0x02, 0x04, 0x71, 0x86, 0xd3, 0xab, 0xa2, 0x37, 0x45, 0x41, 0x06, 0xac, 0xc8, 0xd3, 0xd7, 0x24, - 0x41, 0xe8, 0x30, 0x7d, 0x49, 0x8c, 0xc8, 0xd0, 0x0c, 0x0f, 0xd6, 0x1e, 0xd8, 0x7c, 0x0d, 0xbd, - 0xe0, 0x64, 0xc2, 0xe1, 0x3d, 0xa8, 0x70, 0x61, 0x7c, 0x61, 0x1d, 0x1f, 0xbb, 0xd6, 0x80, 0x44, - 0xb6, 0x8a, 0xdb, 0x3c, 0xd0, 0x19, 0xee, 0x07, 0x7a, 0x49, 0xd0, 0xc5, 0xb7, 0xf1, 0xfb, 0x92, - 0xd4, 0x74, 0x87, 0xd2, 0xe0, 0xcb, 0x87, 0xdc, 0xc5, 0x20, 0xa0, 0x3c, 0x09, 0x02, 0x72, 0x2a, - 0x7f, 0x11, 0x10, 0x70, 0x4c, 0x07, 0x99, 0x11, 0xc2, 0xd2, 0x0e, 0xa5, 0x5c, 0x11, 0x74, 0x1d, - 0x2a, 0x98, 0x52, 0x69, 0xf0, 0x5c, 0xce, 0x56, 0x43, 0xf8, 0x7f, 0xa5, 0x92, 0x18, 0xda, 0xbc, - 0x09, 0xf5, 0x98, 0xf4, 0x2a, 0xb1, 0xf5, 0xb4, 0xd8, 0x2d, 0x00, 0x89, 0x72, 0xef, 0xb9, 0x3d, - 0x8f, 0x6f, 0x29, 0x77, 0x76, 0x35, 0x55, 0x7c, 0x1b, 0xb7, 0xa2, 0x11, 0x42, 0xb7, 0xb7, 0x61, - 0xd1, 0x66, 0x64, 0x14, 0x29, 0xb7, 0x91, 0x56, 0x2e, 0x61, 0x64, 0xca, 0x41, 0xc6, 0x5f, 0x6a, - 0x70, 0x9e, 0xef, 0xd8, 0x63, 0x11, 0x26, 0x3b, 0x94, 0x7e, 0x4c, 0x18, 0xb6, 0x9d, 0xe0, 0x3b, - 0x21, 0xf1, 0xc7, 0xaf, 0xd9, 0x31, 0xfa, 0x50, 0x95, 0x51, 0xa6, 0x32, 0xe2, 0xb1, 0x17, 0x3c, - 0x8a, 0x7d, 0x52, 0xe5, 0x94, 0x5f, 0x4f, 0x95, 0x53, 0x54, 0x75, 0x54, 0x4e, 0xa8, 0xea, 0x98, - 0x5e, 0x78, 0xa6, 0xca, 0xd9, 0x6a, 0xb6, 0x9c, 0x2d, 0x00, 0xf3, 0x4b, 0x47, 0x05, 0xf3, 0xb5, - 0x42, 0x30, 0x3f, 0x2a, 0x8c, 0xe3, 0xba, 0x30, 0xf7, 0xb7, 0xd2, 0x1e, 0x38, 0xd5, 0xd7, 0xe6, - 0x81, 0xf5, 0xf0, 0x5a, 0x61, 0xfd, 0xa7, 0x19, 0x98, 0x2e, 0x0b, 0xe5, 0x77, 0x8f, 0xb6, 0xa6, - 0x19, 0x80, 0xfd, 0x2b, 0x07, 0xaf, 0x7f, 0x2e, 0x50, 0x15, 0xf5, 0x12, 0x1b, 0xc4, 0x07, 0x3a, - 0x3f, 0x87, 0xf8, 0xd1, 0xaa, 0x92, 0x16, 0xff, 0x46, 0xd7, 0xa0, 0xc2, 0x8d, 0xac, 0x60, 0xef, - 0xb9, 0xb4, 0x3d, 0xf9, 0x4e, 0xec, 0x50, 0xfa, 0x98, 0x12, 0xcb, 0x14, 0x83, 0xd0, 0x2d, 0xa8, - 0xc7, 0x8e, 0xaf, 0x22, 0xeb, 0x42, 0x7a, 0x46, 0x1c, 0x27, 0xd1, 0xb4, 0x64, 0x38, 0x9f, 0xdb, - 0xb5, 0x7d, 0x62, 0x09, 0x50, 0xb8, 0x38, 0x39, 0xf7, 0xe3, 0xa8, 0x33, 0x9e, 0x1b, 0x0f, 0x47, - 0xd7, 0xa1, 0x2a, 0x6f, 0x16, 0x44, 0x04, 0x2d, 0x6f, 0x9f, 0x9f, 0x4c, 0xa6, 0xd1, 0x2c, 0x35, - 0xd0, 0xf8, 0x93, 0x06, 0x6f, 0x26, 0x0e, 0x11, 0x45, 0x53, 0x84, 0xcb, 0xbf, 0xfc, 0x13, 0xf7, - 0x32, 0xac, 0x8a, 0x42, 0x20, 0xb9, 0x60, 0x90, 0x77, 0x5d, 0x39, 0xaa, 0xf1, 0x3b, 0x0d, 0x2e, - 0x4d, 0xae, 0xe3, 0xf6, 0x00, 0xfb, 0x2c, 0xde, 0xde, 0x93, 0x58, 0x4b, 0x74, 0xe0, 0x95, 0x92, - 0x03, 0x2f, 0xb3, 0xbe, 0x72, 0x76, 0x7d, 0xc6, 0x1f, 0x4a, 0xb0, 0x9c, 0x72, 0xa0, 0xa2, 0x03, - 0x93, 0x03, 0x3e, 0xe1, 0xb7, 0xa2, 0xf4, 0x13, 0x87, 0x42, 0xdd, 0x4c, 0x51, 0xd0, 0x10, 0x80, - 0x62, 0x1f, 0x8f, 0x08, 0x23, 0x3e, 0xcf, 0xe4, 0x3c, 0xe2, 0xef, 0xcf, 0x9f, 0x5d, 0x0e, 0x22, - 0x9e, 0x66, 0x8a, 0x3d, 0x47, 0xac, 0x42, 0x74, 0xa0, 0xf2, 0xb7, 0x6a, 0xa1, 0xcf, 0x61, 0xb5, - 0x67, 0x3b, 0xe4, 0x20, 0x51, 0xa4, 0x2a, 0x14, 0x79, 0x34, 0xbf, 0x22, 0x77, 0xd3, 0x7c, 0xcd, - 0x9c, 0x18, 0xe3, 0x2a, 0x34, 0xf2, 0xf1, 0xc4, 0x95, 0xb4, 0x47, 0xb8, 0x1f, 0x5b, 0x4b, 0xb5, - 0x0c, 0x04, 0x8d, 0x7c, 0xfc, 0x18, 0xff, 0x28, 0xc1, 0xd9, 0x98, 0xdd, 0x8e, 0xeb, 0x7a, 0xa1, - 0x6b, 0x89, 0xcb, 0xba, 0xc2, 0xbd, 0x38, 0x03, 0x8b, 0xcc, 0x66, 0x4e, 0x0c, 0x7c, 0x44, 0x83, - 0x9f, 0x5d, 0xcc, 0xf3, 0x1c, 0x66, 0x53, 0xb5, 0xc1, 0x51, 0x53, 0xee, 0xfd, 0xf3, 0xd0, 0xf6, - 0x49, 0x57, 0x64, 0x82, 0x9a, 0x19, 0xb7, 0x79, 0x1f, 0x47, 0x35, 0x02, 0xc6, 0x4b, 0x63, 0xc6, - 0x6d, 0xe1, 0xf7, 0x9e, 0xe3, 0x10, 0x8b, 0x9b, 0x23, 0x05, 0xf4, 0x73, 0x54, 0x51, 0x40, 0x30, - 0xdf, 0x76, 0xfb, 0x0a, 0xe6, 0xab, 0x16, 0xd7, 0x13, 0xfb, 0x3e, 0x1e, 0xeb, 0x35, 0x61, 0x00, - 0xd9, 0x40, 0x1f, 0x40, 0x79, 0x84, 0xa9, 0x3a, 0xe8, 0xae, 0x66, 0xb2, 0x43, 0x91, 0x05, 0x5a, - 0xfb, 0x98, 0xca, 0x93, 0x80, 0x4f, 0x6b, 0xbe, 0x07, 0xb5, 0x88, 0xf0, 0x85, 0x20, 0xe1, 0x67, - 0x70, 0x2a, 0x93, 0x7c, 0xd0, 0x53, 0xd8, 0x48, 0x3c, 0x2a, 0x2d, 0x50, 0x81, 0xc0, 0x37, 0x5f, - 0xa9, 0x99, 0x39, 0x85, 0x81, 0xf1, 0x1c, 0xd6, 0xb9, 0xcb, 0x88, 0xc0, 0x3f, 0xa1, 0xd2, 0xe6, - 0x7d, 0xa8, 0xc7, 0x22, 0x0b, 0x7d, 0xa6, 0x09, 0xb5, 0xc3, 0xe8, 0x12, 0x55, 0xd6, 0x36, 0x71, - 0xdb, 0xd8, 0x01, 0x94, 0xd6, 0x57, 0x9d, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, - 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0xda, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, - 0x68, 0x04, 0x61, 0x67, 0xe4, 0x75, 0x43, 0x87, 0x28, 0x50, 0xa0, 0x4e, 0xfa, 0x09, 0xfa, 0xac, - 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xa8, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, - 0xb9, 0x5a, 0xcf, 0xae, 0xe3, 0x75, 0x3a, 0xb6, 0xdb, 0x8f, 0x84, 0x2c, 0x0a, 0x21, 0xd3, 0x07, - 0x14, 0x41, 0xc5, 0x6a, 0x21, 0x54, 0x34, 0x7e, 0xa6, 0x41, 0x23, 0xb1, 0x9a, 0xb2, 0xfb, 0x4d, - 0x19, 0x1f, 0xd2, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, - 0xff, 0xd2, 0xe0, 0xec, 0xae, 0xcd, 0xa2, 0xa4, 0x64, 0xff, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, - 0xc5, 0xf6, 0x6e, 0xc1, 0x46, 0x7e, 0xa1, 0xca, 0xe8, 0x67, 0x60, 0x91, 0xef, 0x7c, 0x74, 0x1f, - 0x20, 0x1b, 0xc6, 0x6f, 0xaa, 0x70, 0xf1, 0x53, 0xda, 0xc5, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0xf9, - 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7c, 0x43, 0x2b, 0xcf, 0x78, 0x43, - 0xab, 0x1c, 0xe9, 0x0d, 0x6d, 0xf1, 0xc4, 0xde, 0xd0, 0x26, 0x6b, 0xa4, 0x6a, 0x61, 0x8d, 0xf4, - 0x34, 0x53, 0x47, 0x2c, 0x89, 0x90, 0xf8, 0x66, 0x3a, 0x24, 0x66, 0xee, 0xce, 0xcc, 0xcb, 0xff, - 0xdc, 0xd3, 0x53, 0xed, 0x95, 0x4f, 0x4f, 0xf5, 0xc9, 0xa7, 0xa7, 0xe2, 0xd7, 0x0b, 0x98, 0xfa, - 0x7a, 0x71, 0x19, 0x56, 0x83, 0xb1, 0x6b, 0x91, 0x6e, 0x7c, 0xcb, 0xb7, 0x2c, 0x97, 0x9d, 0xa5, - 0x66, 0xbc, 0x7d, 0x25, 0xe7, 0xed, 0xb1, 0xa7, 0x9e, 0x4a, 0x79, 0xea, 0xff, 0x4e, 0x49, 0xb3, - 0x05, 0x9b, 0xd3, 0xf6, 0x44, 0x86, 0xda, 0xf6, 0x1f, 0x01, 0xd6, 0x13, 0x94, 0xcc, 0xff, 0xda, - 0x16, 0x41, 0x8f, 0xa0, 0xb1, 0xab, 0x9e, 0xc1, 0xa3, 0xcb, 0x4d, 0x34, 0xeb, 0x3d, 0xa1, 0x79, - 0xa1, 0xb8, 0x53, 0x0a, 0x31, 0x16, 0x90, 0x05, 0xe7, 0xf3, 0x0c, 0x93, 0xa7, 0x8b, 0xaf, 0xcf, - 0xe0, 0x1c, 0x8f, 0x7a, 0x95, 0x88, 0x2b, 0x1a, 0x7a, 0x0a, 0xab, 0xd9, 0x0b, 0x76, 0x94, 0x81, - 0x0d, 0x85, 0x77, 0xfe, 0x4d, 0x63, 0xd6, 0x90, 0x58, 0xff, 0x67, 0x7c, 0x43, 0x33, 0x77, 0xc9, - 0xc8, 0xc8, 0x56, 0xd0, 0x45, 0xb7, 0xf1, 0xcd, 0xaf, 0xcd, 0x1c, 0x13, 0x73, 0x7f, 0x1f, 0x6a, - 0xd1, 0xdd, 0x6b, 0xd6, 0xcc, 0xb9, 0x1b, 0xd9, 0x66, 0x23, 0xcb, 0xaf, 0x17, 0x18, 0x0b, 0xe8, - 0x43, 0x39, 0x79, 0x87, 0xd2, 0x82, 0xc9, 0xa9, 0x1b, 0xc7, 0xe6, 0xe9, 0x82, 0x5b, 0x3e, 0x63, - 0x01, 0x7d, 0x1b, 0x96, 0xf9, 0xd7, 0x81, 0x7a, 0x80, 0xde, 0x68, 0xc9, 0xdf, 0x3b, 0xb4, 0xa2, - 0xdf, 0x3b, 0xb4, 0xee, 0x8c, 0x28, 0x1b, 0x37, 0x0b, 0xae, 0xe1, 0x14, 0x83, 0x67, 0x70, 0x6a, - 0x97, 0xb0, 0xa4, 0x6a, 0x46, 0x97, 0x8e, 0x74, 0xb7, 0xd0, 0x34, 0xf2, 0xc3, 0x26, 0x0b, 0x6f, - 0x63, 0x01, 0xfd, 0x52, 0x83, 0xd3, 0xbb, 0x84, 0xe5, 0xeb, 0x50, 0xf4, 0x4e, 0xb1, 0x90, 0x29, - 0xf5, 0x6a, 0xf3, 0xe1, 0xbc, 0xd1, 0x95, 0x65, 0x6b, 0x2c, 0xa0, 0x5f, 0x69, 0x70, 0x2e, 0xa5, - 0x58, 0xba, 0xb0, 0x44, 0xd7, 0x67, 0x2b, 0x57, 0x50, 0x84, 0x36, 0x3f, 0x99, 0xf3, 0x77, 0x05, - 0x29, 0x96, 0xc6, 0x02, 0x3a, 0x10, 0x7b, 0x92, 0xe0, 0x48, 0x74, 0xb1, 0x10, 0x30, 0xc6, 0xd2, - 0x37, 0xa7, 0x75, 0xc7, 0xfb, 0xf0, 0x09, 0x2c, 0xef, 0x12, 0x16, 0x81, 0x9e, 0xac, 0xa7, 0xe5, - 0xb0, 0x66, 0x36, 0x54, 0xf3, 0x38, 0x49, 0x78, 0xcc, 0xba, 0xe4, 0x95, 0x3a, 0xfc, 0xb3, 0xb1, - 0x5a, 0x88, 0x80, 0xb2, 0x1e, 0x53, 0x8c, 0x1d, 0x8c, 0x05, 0xf4, 0x1c, 0x36, 0x8a, 0x93, 0x1e, - 0x7a, 0xeb, 0xc8, 0x87, 0x55, 0xf3, 0xea, 0x51, 0x86, 0x46, 0x22, 0x3f, 0xda, 0xf9, 0xeb, 0xcb, - 0x4d, 0xed, 0x6f, 0x2f, 0x37, 0xb5, 0x7f, 0xbe, 0xdc, 0xd4, 0xbe, 0x7f, 0xe3, 0x15, 0xbf, 0x3f, - 0x4a, 0xfd, 0xa4, 0x09, 0x53, 0xdb, 0x72, 0x6c, 0xe2, 0xb2, 0x4e, 0x55, 0xc4, 0xdb, 0x8d, 0xff, - 0x04, 0x00, 0x00, 0xff, 0xff, 0x0f, 0x5b, 0x4a, 0xde, 0xf1, 0x24, 0x00, 0x00, + 0x11, 0xf7, 0xea, 0x9f, 0xa5, 0x96, 0x63, 0xcb, 0x93, 0xc4, 0xd9, 0xe8, 0x12, 0x97, 0x6f, 0x21, + 0xa9, 0x5c, 0x72, 0x27, 0x55, 0x9c, 0xba, 0x0b, 0xe4, 0x8e, 0xa3, 0x7c, 0xb9, 0xc4, 0xce, 0x25, + 0x4e, 0xcc, 0x26, 0x07, 0x15, 0x08, 0x50, 0xa3, 0xd5, 0x68, 0xb5, 0xa7, 0xd5, 0xee, 0x64, 0x77, + 0xd6, 0x87, 0x52, 0xc5, 0x13, 0x14, 0x1f, 0x81, 0x07, 0x5e, 0xf9, 0x02, 0x54, 0x51, 0x14, 0x8f, + 0x3c, 0x50, 0xfc, 0x79, 0xa4, 0xf8, 0x02, 0x50, 0x79, 0xa1, 0x8a, 0x4f, 0x41, 0xcd, 0xec, 0xec, + 0x5f, 0xad, 0x14, 0x1f, 0x72, 0x7c, 0x70, 0x2f, 0xf6, 0x4e, 0xcf, 0x4c, 0x77, 0x4f, 0x4f, 0x77, + 0xcf, 0xaf, 0x67, 0x04, 0x97, 0x3d, 0x42, 0x5d, 0x9f, 0x78, 0x87, 0xc4, 0xeb, 0x8a, 0x4f, 0x8b, + 0xb9, 0xde, 0x24, 0xf5, 0xd9, 0xa1, 0x9e, 0xcb, 0x5c, 0x04, 0x09, 0xa5, 0xfd, 0xc0, 0xb4, 0xd8, + 0x30, 0xe8, 0x75, 0x0c, 0x77, 0xdc, 0xc5, 0x9e, 0xe9, 0x52, 0xcf, 0xfd, 0x4c, 0x7c, 0xbc, 0x63, + 0xf4, 0xbb, 0x87, 0xdb, 0x5d, 0x3a, 0x32, 0xbb, 0x98, 0x5a, 0x7e, 0x17, 0x53, 0x6a, 0x5b, 0x06, + 0x66, 0x96, 0xeb, 0x74, 0x0f, 0xaf, 0x63, 0x9b, 0x0e, 0xf1, 0xf5, 0xae, 0x49, 0x1c, 0xe2, 0x61, + 0x46, 0xfa, 0x21, 0xe7, 0xf6, 0x1b, 0xa6, 0xeb, 0x9a, 0x36, 0xe9, 0x8a, 0x56, 0x2f, 0x18, 0x74, + 0xc9, 0x98, 0x32, 0x29, 0x56, 0xfb, 0xf7, 0x0a, 0xac, 0xed, 0x63, 0xc7, 0x1a, 0x10, 0x9f, 0xe9, + 0xe4, 0x79, 0x40, 0x7c, 0x86, 0x9e, 0x41, 0x85, 0x2b, 0xa3, 0x2a, 0x5b, 0xca, 0x95, 0xe6, 0xf6, + 0x5e, 0x27, 0xd1, 0xa6, 0x13, 0x69, 0x23, 0x3e, 0x7e, 0x6c, 0xf4, 0x3b, 0x87, 0xdb, 0x1d, 0x3a, + 0x32, 0x3b, 0x5c, 0x9b, 0x4e, 0x4a, 0x9b, 0x4e, 0xa4, 0x4d, 0x47, 0x8f, 0x97, 0xa5, 0x0b, 0xae, + 0xa8, 0x0d, 0x75, 0x8f, 0x1c, 0x5a, 0xbe, 0xe5, 0x3a, 0x6a, 0x69, 0x4b, 0xb9, 0xd2, 0xd0, 0xe3, + 0x36, 0x52, 0x61, 0xd9, 0x71, 0x6f, 0x63, 0x63, 0x48, 0xd4, 0xf2, 0x96, 0x72, 0xa5, 0xae, 0x47, + 0x4d, 0xb4, 0x05, 0x4d, 0x4c, 0xe9, 0x03, 0xdc, 0x23, 0xf6, 0x7d, 0x32, 0x51, 0x2b, 0x62, 0x62, + 0x9a, 0xc4, 0xe7, 0x62, 0x4a, 0x1f, 0xe2, 0x31, 0x51, 0xab, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, 0xd0, + 0x70, 0xf0, 0x98, 0xf8, 0x14, 0x1b, 0x44, 0xad, 0x8b, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, 0x29, + 0xc5, 0x1f, 0xbb, 0x81, 0x67, 0x10, 0x15, 0xc4, 0xd2, 0x1f, 0x2d, 0xb6, 0xf4, 0x9d, 0x3c, 0x5b, + 0x7d, 0x5a, 0x12, 0xfa, 0x11, 0x54, 0xc5, 0xce, 0xab, 0xcd, 0xad, 0xf2, 0xb1, 0x5a, 0x3b, 0x64, + 0x8b, 0x1c, 0x58, 0xa6, 0x76, 0x60, 0x5a, 0x8e, 0xaf, 0xae, 0x08, 0x09, 0x4f, 0x16, 0x93, 0x70, + 0xdb, 0x75, 0x06, 0x96, 0xb9, 0x8f, 0x1d, 0x6c, 0x92, 0x31, 0x71, 0xd8, 0x81, 0x60, 0xae, 0x47, + 0x42, 0xd0, 0x0b, 0x68, 0x8d, 0x02, 0x9f, 0xb9, 0x63, 0xeb, 0x05, 0x79, 0x44, 0xf9, 0x5c, 0x5f, + 0x3d, 0x25, 0xac, 0xf9, 0x70, 0x31, 0xc1, 0xf7, 0x73, 0x5c, 0xf5, 0x29, 0x39, 0xdc, 0x49, 0x46, + 0x41, 0x8f, 0x7c, 0x97, 0x78, 0xc2, 0xbb, 0x56, 0x43, 0x27, 0x49, 0x91, 0x42, 0x37, 0xb2, 0x64, + 0xcb, 0x57, 0xd7, 0xb6, 0xca, 0xa1, 0x1b, 0xc5, 0x24, 0x74, 0x05, 0xd6, 0x0e, 0x89, 0x67, 0x0d, + 0x26, 0x8f, 0x2d, 0xd3, 0xc1, 0x2c, 0xf0, 0x88, 0xda, 0x12, 0xae, 0x98, 0x27, 0xa3, 0x31, 0x9c, + 0x1a, 0x12, 0x7b, 0xcc, 0x4d, 0x7e, 0xdb, 0x23, 0x7d, 0x5f, 0x5d, 0x17, 0xf6, 0xdd, 0x5d, 0x7c, + 0x07, 0x05, 0x3b, 0x3d, 0xcb, 0x9d, 0x2b, 0xe6, 0xb8, 0xba, 0x8c, 0x94, 0x30, 0x46, 0x50, 0xa8, + 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb0, 0x31, 0xb2, 0x1c, 0x73, 0x9f, 0xb0, 0xa1, 0xdb, + 0x57, 0x4f, 0x0b, 0x4b, 0xe4, 0xa8, 0xc8, 0x00, 0x44, 0x1c, 0xdc, 0xb3, 0x49, 0x3f, 0xf4, 0xc5, + 0x27, 0x13, 0x4a, 0x7c, 0xf5, 0x8c, 0x58, 0xc5, 0x8d, 0x4e, 0x2a, 0x43, 0xe5, 0x12, 0x44, 0xe7, + 0xce, 0xd4, 0xac, 0x3b, 0x0e, 0xf3, 0x26, 0x7a, 0x01, 0x3b, 0x34, 0x82, 0x26, 0x5f, 0x47, 0xe4, + 0x0a, 0x67, 0x85, 0x2b, 0xdc, 0x5b, 0xcc, 0x46, 0x7b, 0x09, 0x43, 0x3d, 0xcd, 0x1d, 0x75, 0x00, + 0x0d, 0xb1, 0xbf, 0x1f, 0xd8, 0xcc, 0xa2, 0x36, 0x09, 0xd5, 0xf0, 0xd5, 0x0d, 0x61, 0xa6, 0x82, + 0x1e, 0x74, 0x1f, 0xc0, 0x23, 0x83, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xf3, 0x56, 0xae, 0xc7, + 0xa3, 0xc3, 0x15, 0xa7, 0xa6, 0x73, 0xe1, 0x7c, 0x19, 0xc4, 0x60, 0x32, 0xda, 0x45, 0x58, 0xab, + 0xc2, 0xc5, 0x0a, 0x7a, 0xb8, 0x2f, 0x4a, 0xaa, 0x48, 0x5a, 0xe7, 0x43, 0x6f, 0x4d, 0x91, 0xda, + 0x77, 0xe0, 0xdc, 0x0c, 0x53, 0xa3, 0x16, 0x94, 0x47, 0x64, 0x22, 0x52, 0x74, 0x43, 0xe7, 0x9f, + 0xe8, 0x0c, 0x54, 0x0f, 0xb1, 0x1d, 0x10, 0x91, 0x54, 0xeb, 0x7a, 0xd8, 0xb8, 0x55, 0xfa, 0x86, + 0xd2, 0xfe, 0x85, 0x02, 0x6b, 0x39, 0xc5, 0x0b, 0xe6, 0xff, 0x30, 0x3d, 0xff, 0x18, 0xdc, 0x78, + 0xf0, 0x04, 0x7b, 0x26, 0x61, 0x29, 0x45, 0xb4, 0xbf, 0x2b, 0xa0, 0xe6, 0x2c, 0xfa, 0x3d, 0x8b, + 0x0d, 0xef, 0x5a, 0x36, 0xf1, 0xd1, 0x4d, 0x58, 0xf6, 0x42, 0x9a, 0x3c, 0x78, 0xde, 0x98, 0xb3, + 0x11, 0x7b, 0x4b, 0x7a, 0x34, 0x1a, 0x7d, 0x08, 0xf5, 0x31, 0x61, 0xb8, 0x8f, 0x19, 0x96, 0xba, + 0x6f, 0x15, 0xcd, 0xe4, 0x52, 0xf6, 0xe5, 0xb8, 0xbd, 0x25, 0x3d, 0x9e, 0x83, 0xde, 0x85, 0xaa, + 0x31, 0x0c, 0x9c, 0x91, 0x38, 0x72, 0x9a, 0xdb, 0x17, 0x67, 0x4d, 0xbe, 0xcd, 0x07, 0xed, 0x2d, + 0xe9, 0xe1, 0xe8, 0x8f, 0x6a, 0x50, 0xa1, 0xd8, 0x63, 0xda, 0x5d, 0x38, 0x53, 0x24, 0x82, 0x9f, + 0x73, 0xc6, 0x90, 0x18, 0x23, 0x3f, 0x18, 0x4b, 0x33, 0xc7, 0x6d, 0x84, 0xa0, 0xe2, 0x5b, 0x2f, + 0x42, 0x53, 0x97, 0x75, 0xf1, 0xad, 0xbd, 0x05, 0xeb, 0x53, 0xd2, 0xf8, 0xa6, 0x86, 0xba, 0x71, + 0x0e, 0x2b, 0x52, 0xb4, 0x16, 0xc0, 0xd9, 0x27, 0xc2, 0x16, 0x71, 0xb2, 0x3f, 0x89, 0x93, 0x5b, + 0xdb, 0x83, 0x8d, 0xbc, 0x58, 0x9f, 0xba, 0x8e, 0x4f, 0xb8, 0xeb, 0x8b, 0xec, 0x68, 0x91, 0x7e, + 0xd2, 0x2b, 0xb4, 0xa8, 0xeb, 0x05, 0x3d, 0xda, 0xaf, 0x4b, 0xb0, 0xa1, 0x13, 0xdf, 0xb5, 0x0f, + 0x49, 0x94, 0xba, 0x4e, 0x06, 0x7c, 0xfc, 0x00, 0xca, 0x98, 0x52, 0xe9, 0x26, 0xf7, 0x8e, 0xed, + 0x78, 0xd7, 0x39, 0x57, 0xf4, 0x36, 0xac, 0xe3, 0x71, 0xcf, 0x32, 0x03, 0x37, 0xf0, 0xa3, 0x65, + 0x09, 0xa7, 0x6a, 0xe8, 0xd3, 0x1d, 0x3c, 0xfc, 0x7d, 0x11, 0x91, 0xf7, 0x9c, 0x3e, 0xf9, 0x89, + 0x40, 0x34, 0x65, 0x3d, 0x4d, 0xd2, 0x0c, 0x38, 0x37, 0x65, 0x24, 0x69, 0xf0, 0x34, 0x88, 0x52, + 0x72, 0x20, 0xaa, 0x50, 0x8d, 0xd2, 0x0c, 0x35, 0xb4, 0x3f, 0x2b, 0xd0, 0x4a, 0x82, 0x4b, 0xb2, + 0xbf, 0x00, 0x8d, 0xb1, 0xa4, 0xf9, 0xaa, 0x22, 0x32, 0x58, 0x42, 0xc8, 0xe2, 0xa9, 0x52, 0x1e, + 0x4f, 0x6d, 0x40, 0x2d, 0x84, 0xbb, 0x72, 0xe9, 0xb2, 0x95, 0x51, 0xb9, 0x92, 0x53, 0x79, 0x13, + 0xc0, 0x8f, 0x33, 0x9c, 0x5a, 0x13, 0xbd, 0x29, 0x0a, 0xd2, 0x60, 0x25, 0x3c, 0x7d, 0x75, 0xe2, + 0x07, 0x36, 0x53, 0x97, 0xc5, 0x88, 0x0c, 0x4d, 0x73, 0x61, 0xed, 0x81, 0xc5, 0xd7, 0x30, 0xf0, + 0x4f, 0x26, 0x1c, 0xde, 0x83, 0x0a, 0x17, 0xc6, 0x17, 0xd6, 0xf3, 0xb0, 0x63, 0x0c, 0x49, 0x64, + 0xab, 0xb8, 0xcd, 0x03, 0x9d, 0x61, 0xd3, 0x57, 0x4b, 0x82, 0x2e, 0xbe, 0xb5, 0xdf, 0x97, 0x42, + 0x4d, 0x77, 0x28, 0xf5, 0xbf, 0x7c, 0xc8, 0x5d, 0x0c, 0x02, 0xca, 0xd3, 0x20, 0x20, 0xa7, 0xf2, + 0x17, 0x01, 0x01, 0xc7, 0x74, 0x90, 0x69, 0x01, 0x2c, 0xef, 0x50, 0xca, 0x15, 0x41, 0xd7, 0xa1, + 0x82, 0x29, 0x0d, 0x0d, 0x9e, 0xcb, 0xd9, 0x72, 0x08, 0xff, 0x2f, 0x55, 0x12, 0x43, 0xdb, 0x37, + 0xa1, 0x11, 0x93, 0x5e, 0x25, 0xb6, 0x91, 0x16, 0xbb, 0x05, 0x10, 0xa2, 0xdc, 0x7b, 0xce, 0xc0, + 0xe5, 0x5b, 0xca, 0x9d, 0x5d, 0x4e, 0x15, 0xdf, 0xda, 0xad, 0x68, 0x84, 0xd0, 0xed, 0x6d, 0xa8, + 0x5a, 0x8c, 0x8c, 0x23, 0xe5, 0x36, 0xd2, 0xca, 0x25, 0x8c, 0xf4, 0x70, 0x90, 0xf6, 0x97, 0x3a, + 0x9c, 0xe7, 0x3b, 0xf6, 0x58, 0x84, 0xc9, 0x0e, 0xa5, 0x1f, 0x13, 0x86, 0x2d, 0xdb, 0xff, 0x4e, + 0x40, 0xbc, 0xc9, 0x6b, 0x76, 0x0c, 0x13, 0x6a, 0x61, 0x94, 0xc9, 0x8c, 0x78, 0xec, 0x05, 0x8f, + 0x64, 0x9f, 0x54, 0x39, 0xe5, 0xd7, 0x53, 0xe5, 0x14, 0x55, 0x1d, 0x95, 0x13, 0xaa, 0x3a, 0x66, + 0x17, 0x9e, 0xa9, 0x72, 0xb6, 0x96, 0x2d, 0x67, 0x0b, 0xc0, 0xfc, 0xf2, 0x51, 0xc1, 0x7c, 0xbd, + 0x10, 0xcc, 0x8f, 0x0b, 0xe3, 0xb8, 0x21, 0xcc, 0xfd, 0xad, 0xb4, 0x07, 0xce, 0xf4, 0xb5, 0x45, + 0x60, 0x3d, 0xbc, 0x56, 0x58, 0xff, 0x69, 0x06, 0xa6, 0x87, 0x85, 0xf2, 0xbb, 0x47, 0x5b, 0xd3, + 0x1c, 0xc0, 0xfe, 0x95, 0x83, 0xd7, 0x3f, 0x17, 0xa8, 0x8a, 0xba, 0x89, 0x0d, 0xe2, 0x03, 0x9d, + 0x9f, 0x43, 0xfc, 0x68, 0x95, 0x49, 0x8b, 0x7f, 0xa3, 0x6b, 0x50, 0xe1, 0x46, 0x96, 0xb0, 0xf7, + 0x5c, 0xda, 0x9e, 0x7c, 0x27, 0x76, 0x28, 0x7d, 0x4c, 0x89, 0xa1, 0x8b, 0x41, 0xe8, 0x16, 0x34, + 0x62, 0xc7, 0x97, 0x91, 0x75, 0x21, 0x3d, 0x23, 0x8e, 0x93, 0x68, 0x5a, 0x32, 0x9c, 0xcf, 0xed, + 0x5b, 0x1e, 0x31, 0x04, 0x28, 0xac, 0x4e, 0xcf, 0xfd, 0x38, 0xea, 0x8c, 0xe7, 0xc6, 0xc3, 0xd1, + 0x75, 0xa8, 0x85, 0x37, 0x0b, 0x22, 0x82, 0x9a, 0xdb, 0xe7, 0xa7, 0x93, 0x69, 0x34, 0x4b, 0x0e, + 0xd4, 0xfe, 0xa4, 0xc0, 0x9b, 0x89, 0x43, 0x44, 0xd1, 0x14, 0xe1, 0xf2, 0x2f, 0xff, 0xc4, 0xbd, + 0x0c, 0xab, 0xa2, 0x10, 0x48, 0x2e, 0x18, 0xc2, 0xbb, 0xae, 0x1c, 0x55, 0xfb, 0x9d, 0x02, 0x97, + 0xa6, 0xd7, 0x71, 0x7b, 0x88, 0x3d, 0x16, 0x6f, 0xef, 0x49, 0xac, 0x25, 0x3a, 0xf0, 0x4a, 0xc9, + 0x81, 0x97, 0x59, 0x5f, 0x39, 0xbb, 0x3e, 0xed, 0x0f, 0x25, 0x68, 0xa6, 0x1c, 0xa8, 0xe8, 0xc0, + 0xe4, 0x80, 0x4f, 0xf8, 0xad, 0x28, 0xfd, 0xc4, 0xa1, 0xd0, 0xd0, 0x53, 0x14, 0x34, 0x02, 0xa0, + 0xd8, 0xc3, 0x63, 0xc2, 0x88, 0xc7, 0x33, 0x39, 0x8f, 0xf8, 0xfb, 0x8b, 0x67, 0x97, 0x83, 0x88, + 0xa7, 0x9e, 0x62, 0xcf, 0x11, 0xab, 0x10, 0xed, 0xcb, 0xfc, 0x2d, 0x5b, 0xe8, 0x73, 0x58, 0x1d, + 0x58, 0x36, 0x39, 0x48, 0x14, 0xa9, 0x09, 0x45, 0x1e, 0x2d, 0xae, 0xc8, 0xdd, 0x34, 0x5f, 0x3d, + 0x27, 0x46, 0xbb, 0x0a, 0xad, 0x7c, 0x3c, 0x71, 0x25, 0xad, 0x31, 0x36, 0x63, 0x6b, 0xc9, 0x96, + 0x86, 0xa0, 0x95, 0x8f, 0x1f, 0xed, 0x1f, 0x25, 0x38, 0x1b, 0xb3, 0xdb, 0x71, 0x1c, 0x37, 0x70, + 0x0c, 0x71, 0x59, 0x57, 0xb8, 0x17, 0x67, 0xa0, 0xca, 0x2c, 0x66, 0xc7, 0xc0, 0x47, 0x34, 0xf8, + 0xd9, 0xc5, 0x5c, 0xd7, 0x66, 0x16, 0x95, 0x1b, 0x1c, 0x35, 0xc3, 0xbd, 0x7f, 0x1e, 0x58, 0x1e, + 0xe9, 0x8b, 0x4c, 0x50, 0xd7, 0xe3, 0x36, 0xef, 0xe3, 0xa8, 0x46, 0xc0, 0xf8, 0xd0, 0x98, 0x71, + 0x5b, 0xf8, 0xbd, 0x6b, 0xdb, 0xc4, 0xe0, 0xe6, 0x48, 0x01, 0xfd, 0x1c, 0x55, 0x14, 0x10, 0xcc, + 0xb3, 0x1c, 0x53, 0xc2, 0x7c, 0xd9, 0xe2, 0x7a, 0x62, 0xcf, 0xc3, 0x13, 0xb5, 0x2e, 0x0c, 0x10, + 0x36, 0xd0, 0x07, 0x50, 0x1e, 0x63, 0x2a, 0x0f, 0xba, 0xab, 0x99, 0xec, 0x50, 0x64, 0x81, 0xce, + 0x3e, 0xa6, 0xe1, 0x49, 0xc0, 0xa7, 0xb5, 0xdf, 0x83, 0x7a, 0x44, 0xf8, 0x42, 0x90, 0xf0, 0x33, + 0x38, 0x95, 0x49, 0x3e, 0xe8, 0x29, 0x6c, 0x24, 0x1e, 0x95, 0x16, 0x28, 0x41, 0xe0, 0x9b, 0xaf, + 0xd4, 0x4c, 0x9f, 0xc1, 0x40, 0x7b, 0x0e, 0xeb, 0xdc, 0x65, 0x44, 0xe0, 0x9f, 0x50, 0x69, 0xf3, + 0x3e, 0x34, 0x62, 0x91, 0x85, 0x3e, 0xd3, 0x86, 0xfa, 0x61, 0x74, 0x89, 0x1a, 0xd6, 0x36, 0x71, + 0x5b, 0xdb, 0x01, 0x94, 0xd6, 0x57, 0x9e, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, + 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0x5a, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, + 0x68, 0xf9, 0x41, 0x6f, 0xec, 0xf6, 0x03, 0x9b, 0x48, 0x50, 0x20, 0x4f, 0xfa, 0x29, 0xfa, 0xbc, + 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xca, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, + 0xb9, 0x5c, 0xcf, 0xae, 0xed, 0xf6, 0x7a, 0x96, 0x63, 0x46, 0x42, 0xaa, 0x42, 0xc8, 0xec, 0x01, + 0x45, 0x50, 0xb1, 0x56, 0x08, 0x15, 0xb5, 0x9f, 0x29, 0xd0, 0x4a, 0xac, 0x26, 0xed, 0x7e, 0x33, + 0x8c, 0x8f, 0xd0, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, + 0xff, 0x52, 0xe0, 0xec, 0xae, 0xc5, 0xa2, 0xa4, 0x64, 0xfd, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, + 0xc5, 0xf6, 0xee, 0xc0, 0x46, 0x7e, 0xa1, 0xd2, 0xe8, 0x67, 0xa0, 0xca, 0x77, 0x3e, 0xba, 0x0f, + 0x08, 0x1b, 0xda, 0x6f, 0x6a, 0x70, 0xf1, 0x53, 0xda, 0xc7, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0x7a, + 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7d, 0x43, 0x2b, 0xcf, 0x79, 0x43, + 0xab, 0x1c, 0xe9, 0x0d, 0xad, 0x7a, 0x62, 0x6f, 0x68, 0xd3, 0x35, 0x52, 0xad, 0xb0, 0x46, 0x7a, + 0x9a, 0xa9, 0x23, 0x96, 0x45, 0x48, 0x7c, 0x33, 0x1d, 0x12, 0x73, 0x77, 0x67, 0xee, 0xe5, 0x7f, + 0xee, 0xe9, 0xa9, 0xfe, 0xca, 0xa7, 0xa7, 0xc6, 0xf4, 0xd3, 0x53, 0xf1, 0xeb, 0x05, 0xcc, 0x7c, + 0xbd, 0xb8, 0x0c, 0xab, 0xfe, 0xc4, 0x31, 0x48, 0x3f, 0xbe, 0xe5, 0x6b, 0x86, 0xcb, 0xce, 0x52, + 0x33, 0xde, 0xbe, 0x92, 0xf3, 0xf6, 0xd8, 0x53, 0x4f, 0xa5, 0x3c, 0xf5, 0x7f, 0xa7, 0xa4, 0xb9, + 0x05, 0x9b, 0xb3, 0xf6, 0x44, 0x86, 0x9a, 0x0a, 0xcb, 0xc6, 0x10, 0x3b, 0xa6, 0xb8, 0x7c, 0x13, + 0x35, 0xb6, 0x6c, 0x6e, 0xff, 0x11, 0x60, 0x3d, 0xc1, 0xcf, 0xfc, 0xaf, 0x65, 0x10, 0xf4, 0x08, + 0x5a, 0xbb, 0xf2, 0x81, 0x3c, 0xba, 0xf6, 0x44, 0xf3, 0x5e, 0x1a, 0xda, 0x17, 0x8a, 0x3b, 0x43, + 0xf1, 0xda, 0x12, 0x32, 0xe0, 0x7c, 0x9e, 0x61, 0xf2, 0xa8, 0xf1, 0xf5, 0x39, 0x9c, 0xe3, 0x51, + 0xaf, 0x12, 0x71, 0x45, 0x41, 0x4f, 0x61, 0x35, 0x7b, 0xf5, 0x8e, 0x32, 0x80, 0xa2, 0xf0, 0x35, + 0xa0, 0xad, 0xcd, 0x1b, 0x12, 0xeb, 0xff, 0x8c, 0x6f, 0x75, 0xe6, 0x96, 0x19, 0x69, 0xd9, 0xda, + 0xba, 0xe8, 0x9e, 0xbe, 0xfd, 0xb5, 0xb9, 0x63, 0x62, 0xee, 0xef, 0x43, 0x3d, 0xba, 0x95, 0xcd, + 0x9a, 0x39, 0x77, 0x57, 0xdb, 0x6e, 0x65, 0xf9, 0x0d, 0x7c, 0x6d, 0x09, 0x7d, 0x18, 0x4e, 0xde, + 0xa1, 0xb4, 0x60, 0x72, 0xea, 0x2e, 0xb2, 0x7d, 0xba, 0xe0, 0xfe, 0x4f, 0x5b, 0x42, 0xdf, 0x86, + 0x26, 0xff, 0x3a, 0x90, 0x4f, 0xd3, 0x1b, 0x9d, 0xf0, 0x97, 0x10, 0x9d, 0xe8, 0x97, 0x10, 0x9d, + 0x3b, 0x63, 0xca, 0x26, 0xed, 0x82, 0x0b, 0x3a, 0xc9, 0xe0, 0x19, 0x9c, 0xda, 0x25, 0x2c, 0xa9, + 0xa7, 0xd1, 0xa5, 0x23, 0xdd, 0x3a, 0xb4, 0xb5, 0xfc, 0xb0, 0xe9, 0x92, 0x5c, 0x5b, 0x42, 0xbf, + 0x54, 0xe0, 0xf4, 0x2e, 0x61, 0xf9, 0x0a, 0x15, 0xbd, 0x53, 0x2c, 0x64, 0x46, 0x25, 0xdb, 0x7e, + 0xb8, 0x68, 0xdc, 0x65, 0xd9, 0x6a, 0x4b, 0xe8, 0x57, 0x0a, 0x9c, 0x4b, 0x29, 0x96, 0x2e, 0x39, + 0xd1, 0xf5, 0xf9, 0xca, 0x15, 0x94, 0xa7, 0xed, 0x4f, 0x16, 0xfc, 0xc5, 0x41, 0x8a, 0xa5, 0xb6, + 0x84, 0x0e, 0xc4, 0x9e, 0x24, 0x08, 0x13, 0x5d, 0x2c, 0x84, 0x92, 0xb1, 0xf4, 0xcd, 0x59, 0xdd, + 0xf1, 0x3e, 0x7c, 0x02, 0xcd, 0x5d, 0xc2, 0x22, 0x38, 0x94, 0xf5, 0xb4, 0x1c, 0x0a, 0xcd, 0x86, + 0x6a, 0x1e, 0x41, 0x09, 0x8f, 0x59, 0x0f, 0x79, 0xa5, 0x60, 0x41, 0x36, 0x56, 0x0b, 0xb1, 0x51, + 0xd6, 0x63, 0x8a, 0x51, 0x85, 0xb6, 0x84, 0x9e, 0xc3, 0x46, 0x71, 0x3a, 0x44, 0x6f, 0x1d, 0xf9, + 0x18, 0x6b, 0x5f, 0x3d, 0xca, 0xd0, 0x48, 0xe4, 0x47, 0x3b, 0x7f, 0x7d, 0xb9, 0xa9, 0xfc, 0xed, + 0xe5, 0xa6, 0xf2, 0xcf, 0x97, 0x9b, 0xca, 0xf7, 0x6f, 0xbc, 0xe2, 0x97, 0x49, 0xa9, 0x1f, 0x3b, + 0x61, 0x6a, 0x19, 0xb6, 0x45, 0x1c, 0xd6, 0xab, 0x89, 0x78, 0xbb, 0xf1, 0x9f, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xe7, 0xa3, 0xda, 0xab, 0x0b, 0x25, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -5328,6 +5337,16 @@ func (m *UpdateRevisionForPathsResponse) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Changes { + i-- + if m.Changes { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } return len(dAtA) - i, nil } @@ -6311,6 +6330,9 @@ func (m *UpdateRevisionForPathsResponse) Size() (n int) { } var l int _ = l + if m.Changes { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -12505,6 +12527,26 @@ func (m *UpdateRevisionForPathsResponse) Unmarshal(dAtA []byte) error { return fmt.Errorf("proto: UpdateRevisionForPathsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Changes", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Changes = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 1527c4b372c27..c656ddcc86961 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -2747,7 +2747,7 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U } logCtx.Debugf("changes found for application %s in repo %s from revision %s to revision %s", request.AppName, repo.Repo, syncedRevision, revision) - return &apiclient.UpdateRevisionForPathsResponse{}, nil + return &apiclient.UpdateRevisionForPathsResponse{Changes: true}, nil } func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev string, request *apiclient.UpdateRevisionForPathsRequest, gitClientOpts git.ClientOpts) error { @@ -2758,8 +2758,10 @@ func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev if err != nil { return fmt.Errorf("failed to get repo refs for application %s in repo %s from revision %s: %w", request.AppName, request.GetRepo().Repo, request.Revision, err) } + } - // Update revision in refSource + // Update revision in refSource + if request.HasMultipleSources && request.ApplicationSource.Helm != nil { for normalizedURL := range repoRefs { repoRefs[normalizedURL] = newRev } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index f715ff8ce4c8c..5b96d6cd61bbb 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -276,6 +276,7 @@ message UpdateRevisionForPathsRequest { } message UpdateRevisionForPathsResponse { + bool changes = 1; } // ManifestService diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index f99ce611777c2..00a348fee21c9 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -123,8 +123,8 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git chart: {{Version: "1.0.0"}, {Version: version}}, oobChart: {{Version: "1.0.0"}, {Version: version}}, }}, nil) - helmClient.On("ExtractChart", chart, version, false, int64(0), false).Return("./testdata/my-chart", io.NopCloser, nil) - helmClient.On("ExtractChart", oobChart, version, false, int64(0), false).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) + helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil) + helmClient.On("ExtractChart", oobChart, version).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) helmClient.On("CleanChartCache", chart, version).Return(nil) helmClient.On("CleanChartCache", oobChart, version).Return(nil) helmClient.On("DependencyBuild").Return(nil) @@ -205,7 +205,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) { } // update this value if we add/remove manifests - const countOfManifests = 48 + const countOfManifests = 50 res1, err := service.GenerateManifest(context.Background(), &q) @@ -3570,7 +3570,9 @@ func TestUpdateRevisionForPaths(t *testing.T) { SyncedRevision: "SYNCEDHEAD", Paths: []string{"."}, }, - }, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError}, + }, want: &apiclient.UpdateRevisionForPathsResponse{ + Changes: true, + }, wantErr: assert.NoError}, {name: "NoChangesUpdateCache", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) diff --git a/reposerver/server.go b/reposerver/server.go index e1d611801c3ec..5d280329deed3 100644 --- a/reposerver/server.go +++ b/reposerver/server.go @@ -70,13 +70,13 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/resource_customizations/astra.netapp.io/AppVault/health.lua b/resource_customizations/astra.netapp.io/AppVault/health.lua deleted file mode 100644 index 7490ed2a89fd0..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "available" or obj.status.state == "Available" then - hs.status = "Healthy" - hs.message = obj.kind .. " Available" - elseif obj.status.state == "failed" or obj.status.state == "Failed" then - hs.status = "Degraded" - hs.message = obj.kind .. " Failed" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml b/resource_customizations/astra.netapp.io/AppVault/health_test.yaml deleted file mode 100644 index 03918c3ecaa56..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "AppVault Available" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "AppVault Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml deleted file mode 100644 index 0ece84574b9b2..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094908" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp -status: - error: - 'failed to close GCP object "appVault.json" in bucket "astra-gcp-backup-743cfd150129": - googleapi: Error 404: The specified bucket does not exist., notFound' - state: failed diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml deleted file mode 100644 index 3ea713e8ef74e..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-11T21:28:27Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "70908" - uid: d1b552b2-5d8e-467b-829b-1e6af7240400 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-743cfd150129-5rdt4 - providerType: gcp -status: - state: available - uid: c708262e-3944-49bf-af96-ad1c3eb6cafb diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml deleted file mode 100644 index d6987da72c348..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094608" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp diff --git a/resource_customizations/astra.netapp.io/Application/health.lua b/resource_customizations/astra.netapp.io/Application/health.lua deleted file mode 100644 index 967400d8819b0..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health.lua +++ /dev/null @@ -1,17 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for _, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = "Astra Application Ready, protectionState: " .. obj.status.protectionState - return hs - elseif condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = "Astra Application Degraded, message: " .. condition.message - return hs - end - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Application/health_test.yaml b/resource_customizations/astra.netapp.io/Application/health_test.yaml deleted file mode 100644 index d1c2bc9b769cb..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing.yaml - - healthStatus: - status: Healthy - message: "Astra Application Ready, protectionState: protected" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Astra Application Degraded, message: namespace wordpress is in terminating state" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml deleted file mode 100644 index 9b25186fa9587..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:59:56Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: wordpress - namespace: astra-connector - resourceVersion: "10484469" - uid: 5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3 -spec: - includedNamespaces: - - labelSelector: {} - namespace: wordpress -status: - conditions: - - lastTransitionTime: "2024-04-24T16:13:26Z" - message: namespace wordpress is in terminating state - reason: Ready - status: "False" - type: Ready - protectionState: partial - protectionStateDetails: - - Active backup schedule missing - - Application unavailable diff --git a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml deleted file mode 100644 index f42f84b1a60ae..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost -status: - conditions: - - lastTransitionTime: "2024-04-15T20:46:16Z" - message: "" - reason: Ready - status: "True" - type: Ready - protectionState: protected diff --git a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml b/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml deleted file mode 100644 index 64450c1aebc8a..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Backup/health.lua b/resource_customizations/astra.netapp.io/Backup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Backup/health_test.yaml b/resource_customizations/astra.netapp.io/Backup/health_test.yaml deleted file mode 100644 index 56385a102f681..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Backup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Backup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml deleted file mode 100644 index 8dbe9ca86c361..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193746 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641332" - uid: ad301b6a-6536-4313-89c1-d10ad0275430 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - reason: Failed - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - error: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - progress: {} - sourceSnapshotName: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - state: Failed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml deleted file mode 100644 index d3f32fbf93d20..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml +++ /dev/null @@ -1,116 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/backups/daily-a4587-20240424010000_d4b61932-5c8e-4310-82a5-37a0b671aa2d - completionTimestamp: "2024-04-24T01:02:30Z" - conditions: - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T01:00:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T01:00:33Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T01:00:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T01:02:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - postBackupExecHooksRunResults: [] - postSnapshotExecHooksRunResults: [] - preBackupExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - progress: - volumeBackups: - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticSnapshotID: 5d066ee6e4626ec2e3eff50d766f080ba90b2339df5b9f7baf46c281d0763da6 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-ab718bad-fa67-4159-a761-6d1eb5de5330 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-d55f9b97-11e5-4fb7-89c0-a2559eba753d - volumeSnapshotCopyReadyToUse: true - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: 38c468b3-eed6-48f2-b43b-15083dd1c030 - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_38c468b3-eed6-48f2-b43b-15083dd1c030 - resticSnapshotID: dc601d5db3ed78823b134326c6cc9607f1636530783707eb8cd02a018b244e07 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-df43df62-1501-406b-b7ba-90aafcd763d5 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-ecf680cf-1665-4320-9f84-c99911b48a2b - volumeSnapshotCopyReadyToUse: true - sourceSnapshotName: daily-a4587-20240424010000 - state: Completed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml deleted file mode 100644 index 9cc87d827cb11..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml deleted file mode 100644 index 38477b5a3f02c..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: cd272631-d0a8-4a61-9cde-6a7202074051 - creationTimestamp: "2024-04-24T19:39:34Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193745 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10599529" - uid: fea5520e-553c-400d-8539-e9d2bbe5b762 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Waiting for source Snapshot to complete - reason: Waiting - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - progress: {} - sourceSnapshotName: backup-fea5520e-553c-400d-8539-e9d2bbe5b762 - state: Running diff --git a/resource_customizations/astra.netapp.io/ExecHook/health.lua b/resource_customizations/astra.netapp.io/ExecHook/health.lua deleted file mode 100644 index 6d7389ccf0704..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.spec ~= nil then - if obj.spec.enabled ~= nil then - if obj.spec.enabled == true then - hs.status = "Healthy" - hs.message = obj.kind .. " enabled" - elseif obj.spec.enabled == false then - hs.status = "Suspended" - hs.message = obj.kind .. " disabled" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml deleted file mode 100644 index abe46b3f6714e..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "ExecHook enabled" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Suspended - message: "ExecHook disabled" - inputPath: testdata/suspended.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml deleted file mode 100644 index fd0e7ad1af15b..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 1 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11239151" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: true - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCmV4aXQgMA== - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml deleted file mode 100644 index ba5af3f288bf4..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml deleted file mode 100644 index 607b3df616164..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: false - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua b/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml deleted file mode 100644 index 52b629e5e7013..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ExecHooksRun Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ExecHooksRun Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml deleted file mode 100644 index d8822c311f449..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: failed to get application archive - reason: Done - status: "False" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Failed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml deleted file mode 100644 index 0d237f0eb75a5..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Completed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml deleted file mode 100644 index 4d3b6704d4d20..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320392" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-734ced050128 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml deleted file mode 100644 index 44578700d61dd..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320407" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre -status: - conditions: - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Waiting - reason: Waiting - status: "False" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: pre-snapshot - execHookUID: 105679e3-4acc-4618-a3c2-53e0e5949f65 - jobName: ehr-ea0e89c8221790b54e94b4ac937aeac2 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T16:35:34Z" - state: Running diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua b/resource_customizations/astra.netapp.io/ResourceBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml deleted file mode 100644 index 21668ca2006eb..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResourceBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResourceBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Error" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml deleted file mode 100644 index dc8bcd087f06c..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:19Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-7b0d4f5e-53d0-4742-adec-15ef5d527865 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 - resourceVersion: "10608354" - uid: 9f8505a1-29ac-4755-92b5-536e6d825c35 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - reason: Error - status: "False" - type: JobCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - error: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - state: Error diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml deleted file mode 100644 index 047ccbf583b5a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 5b89a58c-9b7c-42e8-b426-c8f863e88f41 - creationTimestamp: "2024-04-18T02:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0b1c9d28-33bd-45ce-b75b-2a45721e7218 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: daily-02c95-20240418020000 - uid: 0b1c9d28-33bd-45ce-b75b-2a45721e7218 - resourceVersion: "5060306" - uid: 28c08689-2f8d-4b1e-bfa4-ac8c8795adff -spec: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: wordpress -status: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - completionTimestamp: "2024-04-18T02:00:09Z" - conditions: - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-18T02:00:09Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCompleted - - lastTransitionTime: "2024-04-18T02:00:10Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCleanedUp - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index e4e5f9f6512d5..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml deleted file mode 100644 index ba27f3627f798..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - conditions: - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: waiting for resource backup job to complete - reason: Waiting - status: "False" - type: JobCompleted - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - state: Running diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml deleted file mode 100644 index 2038e85656a2f..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResticVolumeBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResticVolumeBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml deleted file mode 100644 index dd1e080791b2a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 26d34f64-38cc-4775-881d-a2fa12437f4b - creationTimestamp: "2024-04-17T13:50:44Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2024-04-17T14:51:28Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240417135000 - uid: 8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27 - resourceVersion: "4675672" - uid: ba90a4f7-a68f-4978-bc04-86902281adc2 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - failed: permanent error" - reason: Failed - status: "False" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - error: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 failed: - permanent error" - resticJobName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - state: Failed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml deleted file mode 100644 index 55d5fdf49055e..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11460297" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: pvc-90470af6-7d44-4500-80c1-99f925193654 - completionTimestamp: "2024-04-25T20:31:57Z" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - resticSnapshotID: 88c5684cf3e0cd73e57d96f11d20b1c6b03c913cf574cb73cb40da95078d6694 - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index b622e552015f1..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459172" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml deleted file mode 100644 index e0889bf955fdd..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,92 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459181" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - state: Running diff --git a/resource_customizations/astra.netapp.io/Schedule/health.lua b/resource_customizations/astra.netapp.io/Schedule/health.lua deleted file mode 100644 index 5d122593e5b08..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health.lua +++ /dev/null @@ -1,7 +0,0 @@ -hs = { status = "Healthy", message = "Protection policy not yet executed" } -if obj.status ~= nil then - if obj.status.lastScheduleTime ~= nil then - hs.message = "Protection policy lastScheduleTime: " .. obj.status.lastScheduleTime - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml b/resource_customizations/astra.netapp.io/Schedule/health_test.yaml deleted file mode 100644 index 73414e0b58d5a..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -tests: - - healthStatus: - status: Healthy - message: "Protection policy not yet executed" - inputPath: testdata/healthy_nostatus.yaml - - healthStatus: - status: Healthy - message: "Protection policy lastScheduleTime: 2024-04-24T01:00:00Z" - inputPath: testdata/healthy_status.yaml diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml deleted file mode 100644 index 0456fb39fc0f6..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-monthly - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "3231157" - uid: f75ebc6f-627c-4b34-ba36-e64ddc3948e3 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "1" - dayOfWeek: "" - enabled: true - granularity: monthly - hour: "2" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml deleted file mode 100644 index 71f99ddf23299..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-daily - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9963815" - uid: a2736922-6801-482c-a199-03ef8a3f35d7 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "" - dayOfWeek: "" - enabled: true - granularity: daily - hour: "1" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" -status: - lastScheduleTime: "2024-04-24T01:00:00Z" diff --git a/resource_customizations/astra.netapp.io/Snapshot/health.lua b/resource_customizations/astra.netapp.io/Snapshot/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml b/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml deleted file mode 100644 index c15b3d8b3a9f0..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Snapshot Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Snapshot Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml deleted file mode 100644 index 89851bbe5dc0b..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: backup-20240424193746 - uid: ad301b6a-6536-4313-89c1-d10ad0275430 - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641329" - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: reconcile timeout of 1h0m0s exceeded - reason: Timeout - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - error: reconcile timeout of 1h0m0s exceeded - state: Failed diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml deleted file mode 100644 index 7073f9c5147b5..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 87091676-6489-4c76-8728-6b81bf4936b0 - creationTimestamp: "2024-04-24T14:23:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424142317 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10421471" - uid: 152faab3-0374-4cef-bac9-6e7940b06aa9 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424142318_argo-presync-20240424142317_152faab3-0374-4cef-bac9-6e7940b06aa9 - completionTimestamp: "2024-04-24T14:23:43Z" - conditions: - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T14:23:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T14:23:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:41Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T14:23:42Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - postSnapshotExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - state: Completed - volumeSnapshots: - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml deleted file mode 100644 index 28501e28fd95f..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml deleted file mode 100644 index 08951648c6d74..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml +++ /dev/null @@ -1,73 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424211704_argo-presync-20240424211703_b200db48-c186-4ae8-9748-1ba7bec23d6d - conditions: - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Waiting for ResourceBackup to complete - reason: Waiting - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - state: Running diff --git a/resource_customizations/openfaas.com/Function/health.lua b/resource_customizations/openfaas.com/Function/health.lua deleted file mode 100644 index df72e228b04fa..0000000000000 --- a/resource_customizations/openfaas.com/Function/health.lua +++ /dev/null @@ -1,31 +0,0 @@ -hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Stalled" and condition.status == "True" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - if obj.status.replicas ~= nil and obj.status.replicas > 0 then - hs.status = "Healthy" - hs.message = condition.message - else - hs.status = "Suspended" - hs.message = "No replicas available" - end - return hs - end - end - end -end - -hs.status = "Progressing" -hs.message = "Waiting for Function" -return hs diff --git a/resource_customizations/openfaas.com/Function/health_test.yaml b/resource_customizations/openfaas.com/Function/health_test.yaml deleted file mode 100644 index 750089fac48ea..0000000000000 --- a/resource_customizations/openfaas.com/Function/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for Function" - inputPath: testdata/progressing.yaml -- healthStatus: - status: Degraded - message: "Secret missing: secrets \"missing-secret\" not found" - inputPath: testdata/degraded_no_secret.yaml -- healthStatus: - status: Healthy - message: "Deployment and service reconciled" - inputPath: testdata/healthy.yaml -- healthStatus: - status: Suspended - message: "No replicas available" - inputPath: testdata/suspended_zero_replicas.yaml diff --git a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml b/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml deleted file mode 100644 index a1c0c981f1176..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{ - "apiVersion": "openfaas.com/v1", - "kind": "Function", - "metadata": { - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"openfaas.com/v1\",\"kind\":\"Function\",\"metadata\":{\"annotations\":{},\"name\":\"env\",\"namespace\":\"openfaas-fn\"},\"spec\":{\"annotations\":{},\"environment\":{\"fprocess\":\"env\",\"test\":\"yes\"},\"image\":\"ghcr.io/openfaas/alpine:latest\",\"labels\":{},\"name\":\"env\",\"secrets\":[\"missing-secret\"]}}\n" - }, - "creationTimestamp": "2024-04-29T13:42:46Z", - "generation": 1, - "name": "env", - "namespace": "openfaas-fn", - "resourceVersion": "580675", - "uid": "7a00bc7b-eb01-4f6a-b5f7-7893422ace7d" - }, - "spec": { - "annotations": {}, - "environment": { - "fprocess": "env", - "test": "yes" - }, - "image": "ghcr.io/openfaas/alpine:latest", - "labels": {}, - "name": "env", - "secrets": [ - "missing-secret" - ] - }, - "status": { - "conditions": [ - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Function queued for creation", - "observedGeneration": 1, - "reason": "Reconciling", - "status": "True", - "type": "Reconciling" - }, - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Secret missing: secrets \"missing-secret\" not found", - "observedGeneration": 1, - "reason": "SecretMissing", - "status": "True", - "type": "Stalled" - } - ] - } -} diff --git a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml b/resource_customizations/openfaas.com/Function/testdata/healthy.yaml deleted file mode 100644 index 7d09972561710..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580323" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - availableReplicas: 1 - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:38:53Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "True" - type: Healthy - replicas: 1 diff --git a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml b/resource_customizations/openfaas.com/Function/testdata/progressing.yaml deleted file mode 100644 index 4b70ad08c19aa..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580277" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Function queued for creation - observedGeneration: 1 - reason: Reconciling - status: "True" - type: Reconciling ---- diff --git a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml b/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml deleted file mode 100644 index 3307dfd8e4fe4..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580543" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:41:27Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "False" - type: Healthy diff --git a/server/application/application.go b/server/application/application.go index 164eda5937321..19d80303c2dfd 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -2139,7 +2139,12 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy ambiguousRevision := getAmbiguousRevision(app, syncReq, sourceIndex) - repo, err := s.db.GetRepository(ctx, app.Spec.GetSource().RepoURL) + repoUrl := app.Spec.GetSource().RepoURL + if app.Spec.HasMultipleSources() { + repoUrl = app.Spec.Sources[sourceIndex].RepoURL + } + + repo, err := s.db.GetRepository(ctx, repoUrl) if err != nil { return "", "", fmt.Errorf("error getting repository by URL: %w", err) } diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index 1875d01616858..d67815bd9a53d 100644 --- a/server/applicationset/applicationset.go +++ b/server/applicationset/applicationset.go @@ -280,52 +280,6 @@ func (s *Server) Delete(ctx context.Context, q *applicationset.ApplicationSetDel } -func (s *Server) ResourceTree(ctx context.Context, q *applicationset.ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { - namespace := s.appsetNamespaceOrDefault(q.AppsetNamespace) - - if !s.isNamespaceEnabled(namespace) { - return nil, security.NamespaceNotPermittedError(namespace) - } - - a, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Get(ctx, q.Name, metav1.GetOptions{}) - - if err != nil { - return nil, fmt.Errorf("error getting ApplicationSet: %w", err) - } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName(s.ns)); err != nil { - return nil, err - } - - return s.buildApplicationSetTree(ctx, a) -} - -func (s *Server) buildApplicationSetTree(ctx context.Context, a *v1alpha1.ApplicationSet) (*v1alpha1.ApplicationSetTree, error) { - var tree v1alpha1.ApplicationSetTree - - gvk := v1alpha1.ApplicationSetSchemaGroupVersionKind - parentRefs := []v1alpha1.ResourceRef{ - {Group: gvk.Group, Version: gvk.Version, Kind: gvk.Kind, Name: a.Name, Namespace: a.Namespace, UID: string(a.UID)}, - } - - apps := a.Status.Resources - for _, app := range apps { - tree.Nodes = append(tree.Nodes, v1alpha1.ResourceNode{ - Health: app.Health, - ResourceRef: v1alpha1.ResourceRef{ - Name: app.Name, - Group: app.Group, - Version: app.Version, - Kind: app.Kind, - Namespace: a.Namespace, - }, - ParentRefs: parentRefs, - }) - } - tree.Normalize() - - return &tree, nil -} - func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.ApplicationSet) (string, error) { if appset == nil { return "", fmt.Errorf("ApplicationSet cannot be validated for nil value") diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index 07ed4e2c89384..2a857d41a00ce 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -46,11 +46,6 @@ message ApplicationSetDeleteRequest { string appsetNamespace = 2; } -message ApplicationSetTreeQuery { - string name = 1; - // The application set namespace. Default empty is argocd control plane namespace - string appsetNamespace = 2; -} // ApplicationSetService service ApplicationSetService { @@ -78,9 +73,4 @@ service ApplicationSetService { option (google.api.http).delete = "/api/v1/applicationsets/{name}"; } - // ResourceTree returns resource tree - rpc ResourceTree(ApplicationSetTreeQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree) { - option (google.api.http).get = "/api/v1/applicationsets/{name}/resource-tree"; - } - -} +} \ No newline at end of file diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go index e72fec497c9b8..c49ddb35a7970 100644 --- a/server/applicationset/applicationset_test.go +++ b/server/applicationset/applicationset_test.go @@ -4,7 +4,6 @@ import ( "context" "testing" - "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/pkg/sync" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" @@ -475,90 +474,3 @@ func TestUpdateAppSet(t *testing.T) { }) } - -func TestResourceTree(t *testing.T) { - appSet1 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet1" - appset.Status.Resources = []appsv1.ResourceStatus{ - { - Name: "app1", - Kind: "Application", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Health: &appsv1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - Status: appsv1.SyncStatusCodeSynced, - }, - } - }) - - appSet2 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet2" - }) - - appSet3 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet3" - }) - - expectedTree := &appsv1.ApplicationSetTree{ - Nodes: []appsv1.ResourceNode{ - { - ResourceRef: appsv1.ResourceRef{ - Kind: "Application", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Name: "app1", - }, - ParentRefs: []appsv1.ResourceRef{ - { - Kind: "ApplicationSet", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Name: "AppSet1", - }, - }, - Health: &appsv1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - } - - t.Run("ResourceTree in default namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1"} - - res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.NoError(t, err) - assert.Equal(t, expectedTree, res) - }) - - t.Run("ResourceTree in named namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: testNamespace} - - res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.NoError(t, err) - assert.Equal(t, expectedTree, res) - }) - - t.Run("ResourceTree in not allowed namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: "NOT-ALLOWED"} - - _, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.Equal(t, "namespace 'NOT-ALLOWED' is not permitted", err.Error()) - }) -} diff --git a/server/badge/badge.go b/server/badge/badge.go index 5ed445e6643c3..8a706f67f2b05 100644 --- a/server/badge/badge.go +++ b/server/badge/badge.go @@ -5,7 +5,6 @@ import ( "fmt" "net/http" "regexp" - "strconv" "strings" healthutil "github.com/argoproj/gitops-engine/pkg/health" @@ -46,21 +45,18 @@ var ( titleTextPattern = regexp.MustCompile(`id="titleText" [^>]*>([^<]*)`) titleRectWidthPattern = regexp.MustCompile(`(id="titleRect" .* width=)("0")`) rightRectWidthPattern = regexp.MustCompile(`(id="rightRect" .* width=)("\d*")`) - revisionRectWidthPattern = regexp.MustCompile(`(id="revisionRect" .* width=)("\d*")`) leftRectYCoodPattern = regexp.MustCompile(`(id="leftRect" .* y=)("\d*")`) rightRectYCoodPattern = regexp.MustCompile(`(id="rightRect" .* y=)("\d*")`) revisionRectYCoodPattern = regexp.MustCompile(`(id="revisionRect" .* y=)("\d*")`) leftTextYCoodPattern = regexp.MustCompile(`(id="leftText" .* y=)("\d*")`) rightTextYCoodPattern = regexp.MustCompile(`(id="rightText" .* y=)("\d*")`) revisionTextYCoodPattern = regexp.MustCompile(`(id="revisionText" .* y=)("\d*")`) - revisionTextXCoodPattern = regexp.MustCompile(`(id="revisionText" x=)("\d*")`) svgHeightPattern = regexp.MustCompile(`^( 7 { - displayedRevision = revision[:7] - svgWidth = svgWidthWithRevision - } else { - svgWidth = svgWidthWithFullRevision - } - - badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", displayedRevision)) - } - - if widthParam, ok := r.URL.Query()["width"]; ok && enabled { - width, err := strconv.Atoi(widthParam[0]) - if err == nil { - svgWidth = width - adjustWidth = true - } - } - - // Increase width of SVG - if adjustWidth { - badge = svgWidthPattern.ReplaceAllString(badge, fmt.Sprintf(` 7 { + shortRevision = shortRevision[:7] } + badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", shortRevision)) } if showAppNameParam, ok := r.URL.Query()["showAppName"]; ok && enabled && strings.EqualFold(showAppNameParam[0], "true") { @@ -246,6 +215,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { titleRectWidth := len(applicationName) * widthPerChar var longerWidth int = max(titleRectWidth, svgWidth) rightRectWidth := longerWidth - leftRectWidth + fmt.Println(len(applicationName)) badge = titleRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, longerWidth)) badge = rightRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, rightRectWidth)) badge = replaceFirstGroupSubMatch(titleTextPattern, badge, applicationName) diff --git a/server/badge/badge_test.go b/server/badge/badge_test.go index 706153c267fe9..57d88c963323a 100644 --- a/server/badge/badge_test.go +++ b/server/badge/badge_test.go @@ -75,22 +75,6 @@ func testApp2() *v1alpha1.Application { }, } } - -func testApp3() *v1alpha1.Application { - return &v1alpha1.Application{ - ObjectMeta: v1.ObjectMeta{Name: "test-app", Namespace: "argocd-test"}, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeSynced}, - Health: v1alpha1.HealthStatus{Status: health.HealthStatusHealthy}, - OperationState: &v1alpha1.OperationState{ - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "aa29b85ababababababab", - }, - }, - }, - } -} - func testProject() *v1alpha1.AppProject { return &v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: "test-project", Namespace: "default"}, @@ -245,70 +229,6 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { }) } -func TestHandlerFeatureIsEnabledKeepFullRevisionIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionIsDisabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=false", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionAndWidthIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true&width=500", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "500", svgWidthPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - func createApplicationFeatureProjectIsEnabled(healthStatus health.HealthStatusCode, syncStatus v1alpha1.SyncStatusCode, appName, projectName, namespace string) *v1alpha1.Application { return &v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{Name: appName, Namespace: namespace}, diff --git a/server/project/project.go b/server/project/project.go index 471ac4ade6ce2..44ddee95eaaff 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -137,8 +137,6 @@ func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateR } id = claims.ID - prj.NormalizeJWTTokens() - items := append(prj.Status.JWTTokensByRole[q.Role].Items, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt, ID: id}) if _, found := prj.Status.JWTTokensByRole[q.Role]; found { prj.Status.JWTTokensByRole[q.Role] = v1alpha1.JWTTokens{Items: items} diff --git a/server/project/project_test.go b/server/project/project_test.go index c970c8b20b4d3..caf0df9f3ebac 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -585,7 +585,7 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - assert.Contains(t, err.Error(), "object must be of form 'test/*', 'test[/]/' or 'test/'") + assert.Contains(t, err.Error(), "object must be of form 'test/*' or 'test/'") }) t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { diff --git a/server/server.go b/server/server.go index 625fa2053023e..bd1e9857ce1ef 100644 --- a/server/server.go +++ b/server/server.go @@ -771,7 +771,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre // NOTE: notice we do not configure the gRPC server here with TLS (e.g. grpc.Creds(creds)) // This is because TLS handshaking occurs in cmux handling sOpts = append(sOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer( - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(a.log), grpc_prometheus.StreamServerInterceptor, grpc_auth.StreamServerInterceptor(a.Authenticate), @@ -785,7 +785,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre ))) sOpts = append(sOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer( bug21955WorkaroundInterceptor, - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(a.log), grpc_prometheus.UnaryServerInterceptor, grpc_auth.UnaryServerInterceptor(a.Authenticate), diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 125cde44965b5..a6614cd13a2d6 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -6,15 +6,15 @@ FROM docker.io/library/redis:7.2.4@sha256:7dd707032d90c6eaafd566f62a00f5b0116ae0 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:22.0.0@sha256:cbd62dc7ba7e50d01520f2c0a8d9853ec872187fa806ed61d0f87081c220386d as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node -FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b as golang +FROM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd as golang -FROM docker.io/library/registry:2.8@sha256:4fac7a8257b1d7a86599043fcc181dfbdf9c8f57e337db763ac94b0e67c6cfb5 as registry +FROM docker.io/library/registry:2.8@sha256:fb9c9aef62af3955f6014613456551c92e88a67dcf1fc51f5f91bcbd1832813f as registry -FROM docker.io/bitnami/kubectl:1.30@sha256:b909f3a93813f25192bcb57f5c1e482d53ba01413db69c8143fca882e6e930e5 as kubectl +FROM docker.io/bitnami/kubectl:1.27@sha256:14ab746e857d96c105df4989cc2bf841292f2d143f7c60f9d7f549ae660eab43 as kubectl -FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +FROM docker.io/library/ubuntu:22.04@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ diff --git a/test/e2e/declarative_test.go b/test/e2e/declarative_test.go index bbde965b914e1..3f1c1a20e1037 100644 --- a/test/e2e/declarative_test.go +++ b/test/e2e/declarative_test.go @@ -55,7 +55,6 @@ func TestDeclarativeInvalidProject(t *testing.T) { Expect(HealthIs(health.HealthStatusUnknown)). Expect(SyncStatusIs(SyncStatusCodeUnknown)). Expect(Condition(ApplicationConditionInvalidSpecError, "Application referencing project garbage which does not exist")) - // TODO: you can`t delete application with invalid project due to enforcment that was recently added, // in https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c //When(). diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 97f665320188f..681a4bd44e61e 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:6776a33c72b3af7582a5b301e3a08186f2c21a3409f0d2b52dfddbdbe24a5b04 +FROM docker.io/library/busybox@sha256:c3839dd800b9eb7603340509769c43e146a74c63dca3045a8e7dc8ee07e53966 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 8f60a901b5f41..fb8886a21dbd4 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -324,7 +324,6 @@ func TestUseJWTToken(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10) roleName := "roleTest" - roleName2 := "roleTest2" testApp := &v1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: appName, @@ -366,15 +365,6 @@ func TestUseJWTToken(t *testing.T) { _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName) assert.NoError(t, err) - // Create second role with kubectl, to test that it will not affect 1st role - _, err = fixture.Run("", "kubectl", "patch", "appproject", projectName, "--type", "merge", - "-n", fixture.TestNamespace(), - "-p", fmt.Sprintf(`{"spec":{"roles":[{"name":"%s"},{"name":"%s"}]}}`, roleName, roleName2)) - assert.NoError(t, err) - - _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName2) - assert.NoError(t, err) - for _, action := range []string{"get", "update", "sync", "create", "override", "*"} { _, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", action, "-o", "*", "-p", "allow") assert.NoError(t, err) diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 139bd696437ce..cf43ee355567d 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 FROM docker.io/library/golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb AS go diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 12917dcf41a70..46231bad8d142 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:22.0.0@sha256:cbd62dc7ba7e50d01520f2c0a8d9853ec872187fa806ed61d0f87081c220386d as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx index 6cee8b04a7205..d1e01adb52c04 100644 --- a/ui/src/app/applications/components/application-details/application-resource-list.tsx +++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx @@ -12,14 +12,17 @@ import {format} from 'date-fns'; import {ResourceNode, ResourceRef} from '../../../shared/models'; import './application-resource-list.scss'; -export interface ApplicationResourceListProps { +export const ApplicationResourceList = ({ + resources, + onNodeClick, + nodeMenu, + tree +}: { resources: models.ResourceStatus[]; onNodeClick?: (fullName: string) => any; nodeMenu?: (node: models.ResourceNode) => React.ReactNode; tree?: models.ApplicationTree; -} - -export const ApplicationResourceList = (props: ApplicationResourceListProps) => { +}) => { function getResNode(nodes: ResourceNode[], nodeId: string): models.ResourceNode { for (const node of nodes) { if (nodeKey(node) === nodeId) { @@ -28,7 +31,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => } return null; } - const parentNode = ((props.resources || []).length > 0 && (getResNode(props.tree.nodes, nodeKey(props.resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); + const parentNode = ((resources || []).length > 0 && (getResNode(tree.nodes, nodeKey(resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); const searchParams = new URLSearchParams(window.location.search); const view = searchParams.get('view'); @@ -70,7 +73,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                            STATUS
    - {props.resources + {resources .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) .map(res => (
    className={classNames('argo-table-list__row', { 'application-resource-tree__node--orphaned': res.orphaned })} - onClick={() => props.onNodeClick && props.onNodeClick(nodeKey(res))}> + onClick={() => onNodeClick(nodeKey(res))}>
    @@ -108,7 +111,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
    {res.syncWave || '-'}
    {res.namespace}
    {res.kind === 'ReplicaSet' && - ((getResNode(props.tree.nodes, nodeKey(res)) as ResourceNode).info || []) + ((getResNode(tree.nodes, nodeKey(res)) as ResourceNode).info || []) .filter(tag => !tag.name.includes('Node')) .slice(0, 4) .map((tag, i) => { @@ -137,31 +140,27 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => )} {res.status && } {res.hook && } - {props.nodeMenu && ( -
    - ( - - )}> - {() => - props.nodeMenu({ - name: res.name, - version: res.version, - kind: res.kind, - namespace: res.namespace, - group: res.group, - info: null, - uid: '', - resourceVersion: null, - parentRefs: [] - }) - } - -
    - )} +
    + ( + + )}> + {nodeMenu({ + name: res.name, + version: res.version, + kind: res.kind, + namespace: res.namespace, + group: res.group, + info: null, + uid: '', + resourceVersion: null, + parentRefs: [] + })} + +
    diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 28698c8eda79f..38a6d151a90c2 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -14,11 +14,7 @@ import { StringValueField, NameValue, TagsInputField, - ValueEditor, - Paginate, - RevisionHelpIcon, - Revision, - Repo + ValueEditor } from '../../../shared/components'; import * as models from '../../../shared/models'; import {ApplicationSourceDirectory, Plugin} from '../../../shared/models'; @@ -27,9 +23,8 @@ import {ImageTagFieldEditor} from './kustomize'; import * as kustomize from './kustomize-image'; import {VarsInputField} from './vars-input-field'; import {concatMaps} from '../../../shared/utils'; -import {getAppDefaultSource, helpTip} from '../utils'; +import {getAppDefaultSource} from '../utils'; import * as jsYaml from 'js-yaml'; -import {RevisionFormField} from '../revision-form-field/revision-form-field'; const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { @@ -56,16 +51,6 @@ function overridesFirst(first: {overrideIndex: number; metadata: {name: string}} return first.overrideIndex - second.overrideIndex; } -function processPath(path: string) { - if (path !== null && path !== undefined) { - if (path === '.') { - return '(root)'; - } - return path; - } - return ''; -} - function getParamsEditableItems( app: models.Application, title: string, @@ -137,287 +122,20 @@ function getParamsEditableItems( export const ApplicationParameters = (props: { application: models.Application; - details?: models.RepoAppDetails; - detailsList?: models.RepoAppDetails[]; + details: models.RepoAppDetails; save?: (application: models.Application, query: {validate?: boolean}) => Promise; noReadonlyMode?: boolean; - pageNumber?: number; - setPageNumber?: (x: number) => any; }) => { const app = cloneDeep(props.application); - const source = getAppDefaultSource(app); // For source field - const appSources = app?.spec.sources; + const source = getAppDefaultSource(app); const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); let attributes: EditablePanelItem[] = []; - const multipleAttributes = new Array(); - + const isValuesObject = source?.helm?.valuesObject; + const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); - if (appSources && props.detailsList && props.detailsList.length > 1) { - for (let i: number = 0; i < props.detailsList.length; i++) { - multipleAttributes.push( - gatherDetails(props.detailsList[i], attributes, appSources[i], app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState) - ); - attributes = []; - } - } else { - // For source field. Delete this when source field is removed - attributes = gatherDetails(props.details, attributes, source, app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState); - } - - if (props.detailsList && props.detailsList.length > 1) { - return ( - { - props.setPageNumber(page); - }}> - {data => { - const listOfPanels: any[] = []; - data.forEach(attr => { - const repoAppDetails = props.detailsList[multipleAttributes.indexOf(attr)]; - listOfPanels.push(getEditablePanel(attr, repoAppDetails, multipleAttributes.indexOf(attr), app.spec.sources)); - }); - return listOfPanels; - }} - - ); - } else { - const v: models.ApplicationSource[] = new Array(); - v.push(app.spec.source); - return getEditablePanel(attributes, props.details, 0, v, true); - } - - function getEditablePanel(panel: EditablePanelItem[], repoAppDetails: models.RepoAppDetails, ind: number, sources: models.ApplicationSource[], isSingleSource?: boolean): any { - const src: models.ApplicationSource = sources[ind]; - let descriptionCollapsed: string; - let floatingTitle: string; - if (sources.length > 1) { - if (repoAppDetails.type === 'Directory') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL; - descriptionCollapsed = - 'TYPE=' + repoAppDetails.type + (src.path ? ', PATH=' + src.path : '' + (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : '')); - } else if (repoAppDetails.type === 'Helm') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL + (src.chart ? ', CHART=' + src.chart + ':' + src.targetRevision : ''); - descriptionCollapsed = - 'TYPE=' + - repoAppDetails.type + - (src.chart ? ', CHART=' + src.chart + ':' + src.targetRevision : '') + - (src.path ? ', PATH=' + src.path : '') + - (src.helm && src.helm.valueFiles ? ', VALUES=' + src.helm.valueFiles[0] : ''); - } else if (repoAppDetails.type === 'Kustomize') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL; - descriptionCollapsed = 'TYPE=' + repoAppDetails.type + ', VERSION=' + src.kustomize.version + (src.path ? ', PATH=' + src.path : ''); - } else if (repoAppDetails.type === 'Plugin') { - floatingTitle = - 'TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (src.path ? ', PATH=' + src.path : '') + - (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - descriptionCollapsed = - 'TYPE=' + repoAppDetails.type + '' + (src.path ? ', PATH=' + src.path : '') + (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - } - } - return ( - { - const updatedSrc = isSingleSource ? input.spec.source : input.spec.sources[ind]; - - function isDefined(item: any) { - return item !== null && item !== undefined; - } - function isDefinedWithVersion(item: any) { - return item !== null && item !== undefined && item.match(/:/); - } - - if (updatedSrc.helm && updatedSrc.helm.parameters) { - updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); - } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { - updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); - } - - let params = input.spec?.source?.plugin?.parameters; - if (params) { - for (const param of params) { - if (param.map && param.array) { - // @ts-ignore - param.map = param.array.reduce((acc, {name, value}) => { - // @ts-ignore - acc[name] = value; - return acc; - }, {}); - delete param.array; - } - } - - params = params.filter(param => !appParamsDeletedState.includes(param.name)); - input.spec.source.plugin.parameters = params; - } - if (input.spec.source.helm && input.spec.source.helm.valuesObject) { - input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json - input.spec.source.helm.values = ''; - } - await props.save(input, {}); - setRemovedOverrides(new Array()); - }) - } - values={ - app?.spec?.source - ? ((props.details.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app - : ((repoAppDetails.plugin || app?.spec?.sources[ind]?.plugin) && cloneDeep(app)) || app - } - validate={updatedApp => { - const errors = {} as any; - - for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { - const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); - errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; - } - - if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { - const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); - errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; - } - - return errors; - }} - onModeSwitch={ - repoAppDetails.plugin && - (() => { - setAppParamsDeletedState([]); - }) - } - title={repoAppDetails.type.toLocaleUpperCase()} - titleCollapsed={src.repoURL} - floatingTitle={floatingTitle} - items={panel as EditablePanelItem[]} - noReadonlyMode={props.noReadonlyMode} - collapsible={sources.length > 1} - collapsed={true} - collapsedDescription={descriptionCollapsed} - hasMultipleSources={app.spec.sources && app.spec.sources.length > 0} - /> - ); - } -}; - -function gatherDetails( - repoDetails: models.RepoAppDetails, - attributes: EditablePanelItem[], - source: models.ApplicationSource, - app: models.Application, - setRemovedOverrides: any, - removedOverrides: any, - appParamsDeletedState: any[], - setAppParamsDeletedState: any -): EditablePanelItem[] { - const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; - const isHelm = source.hasOwnProperty('chart'); - if (hasMultipleSources) { - attributes.push({ - title: 'REPO URL', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('REPO URL is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - if (isHelm) { - attributes.push({ - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     -
    - )} -     - ) - }); - } else { - attributes.push({ - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - attributes.push({ - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - attributes.push({ - title: 'REF', - view: source.ref, - edit: (formApi: FormApi) => - }); - } - } - if (repoDetails.type === 'Kustomize' && repoDetails.kustomize) { + if (props.details.type === 'Kustomize' && props.details.kustomize) { attributes.push({ title: 'VERSION', view: (source.kustomize && source.kustomize.version) || default, @@ -450,7 +168,7 @@ function gatherDetails( edit: (formApi: FormApi) => }); - const srcImages = ((repoDetails && repoDetails.kustomize && repoDetails.kustomize.images) || []).map(val => kustomize.parse(val)); + const srcImages = ((props.details && props.details.kustomize && props.details.kustomize.images) || []).map(val => kustomize.parse(val)); const images = ((source.kustomize && source.kustomize.images) || []).map(val => kustomize.parse(val)); if (srcImages.length > 0) { @@ -481,9 +199,7 @@ function gatherDetails( ) ); } - } else if (repoDetails.type === 'Helm' && repoDetails.helm) { - const isValuesObject = source?.helm?.valuesObject; - const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; + } else if (props.details.type === 'Helm' && props.details.helm) { attributes.push({ title: 'VALUES FILES', view: (source.helm && (source.helm.valueFiles || []).join(', ')) || 'No values files selected', @@ -493,7 +209,7 @@ function gatherDetails( field='spec.source.helm.valueFiles' component={TagsInputField} componentProps={{ - options: repoDetails.helm.valueFiles, + options: props.details.helm.valueFiles, noTagsLabel: 'No values files selected' }} /> @@ -522,7 +238,7 @@ function gatherDetails( } }); const paramsByName = new Map(); - (repoDetails.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); + (props.details.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); const overridesByName = new Map(); ((source.helm && source.helm.parameters) || []).forEach((override, i) => overridesByName.set(override.name, i)); attributes = attributes.concat( @@ -545,7 +261,7 @@ function gatherDetails( ) ); const fileParamsByName = new Map(); - (repoDetails.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); + (props.details.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); const fileOverridesByName = new Map(); ((source.helm && source.helm.fileParameters) || []).forEach((override, i) => fileOverridesByName.set(override.name, i)); attributes = attributes.concat( @@ -567,7 +283,7 @@ function gatherDetails( }) ) ); - } else if (repoDetails.type === 'Plugin') { + } else if (props.details.type === 'Plugin') { attributes.push({ title: 'NAME', view:
    {ValueEditor(app.spec.source?.plugin?.name, null)}
    , @@ -593,8 +309,8 @@ function gatherDetails( edit: (formApi: FormApi) => }); const parametersSet = new Set(); - if (repoDetails?.plugin?.parametersAnnouncement) { - for (const announcement of repoDetails.plugin.parametersAnnouncement) { + if (props.details?.plugin?.parametersAnnouncement) { + for (const announcement of props.details.plugin.parametersAnnouncement) { parametersSet.add(announcement.name); } } @@ -608,7 +324,7 @@ function gatherDetails( parametersSet.delete(key); } parametersSet.forEach(name => { - const announcement = repoDetails.plugin.parametersAnnouncement?.find(param => param.name === name); + const announcement = props.details.plugin.parametersAnnouncement?.find(param => param.name === name); const liveParam = app.spec.source?.plugin?.parameters?.find(param => param.name === name); const pluginIcon = announcement && liveParam ? 'This parameter has been provided by plugin, but is overridden in application manifest.' : 'This parameter is provided by the plugin.'; @@ -734,7 +450,7 @@ function gatherDetails( }); } }); - } else if (repoDetails.type === 'Directory') { + } else if (props.details.type === 'Directory') { const directory = source.directory || ({} as ApplicationSourceDirectory); attributes.push({ title: 'DIRECTORY RECURSE', @@ -772,5 +488,79 @@ function gatherDetails( edit: (formApi: FormApi) => }); } - return attributes; -} + + return ( + { + const src = getAppDefaultSource(input); + + function isDefined(item: any) { + return item !== null && item !== undefined; + } + function isDefinedWithVersion(item: any) { + return item !== null && item !== undefined && item.match(/:/); + } + + if (src.helm && src.helm.parameters) { + src.helm.parameters = src.helm.parameters.filter(isDefined); + } + if (src.kustomize && src.kustomize.images) { + src.kustomize.images = src.kustomize.images.filter(isDefinedWithVersion); + } + + let params = input.spec?.source?.plugin?.parameters; + if (params) { + for (const param of params) { + if (param.map && param.array) { + // @ts-ignore + param.map = param.array.reduce((acc, {name, value}) => { + // @ts-ignore + acc[name] = value; + return acc; + }, {}); + delete param.array; + } + } + + params = params.filter(param => !appParamsDeletedState.includes(param.name)); + input.spec.source.plugin.parameters = params; + } + if (input.spec.source.helm && input.spec.source.helm.valuesObject) { + input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json + input.spec.source.helm.values = ''; + } + await props.save(input, {}); + setRemovedOverrides(new Array()); + }) + } + values={((props.details.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} + validate={updatedApp => { + const errors = {} as any; + + for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { + const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); + errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; + } + + if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { + const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); + errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; + } + + return errors; + }} + onModeSwitch={ + props.details.plugin && + (() => { + setAppParamsDeletedState([]); + }) + } + title={props.details.type.toLocaleUpperCase()} + items={attributes} + noReadonlyMode={props.noReadonlyMode} + hasMultipleSources={app.spec.sources && app.spec.sources.length > 0} + /> + ); +}; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index 7c2b65cd3ce27..956e8c679bf20 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -107,16 +107,20 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
    {application.spec.syncPolicy?.automated ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
    - {application.status && application.status.sync && application.status.sync.revision && !application.spec.source.chart && ( -
    - -
    - )} + {application.status && + application.status.sync && + (hasMultipleSources + ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart + : application.status.sync.revision && !application.spec.source?.chart) && ( +
    + +
    + )}
    {appOperationState && ( diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 83916a001860e..f38a380b50ea8 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -170,7 +170,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { title: 'CREATED AT', view: formatCreationTimestamp(app.metadata.creationTimestamp) }, - !hasMultipleSources && { + { title: 'REPO URL', view: , edit: (formApi: FormApi) => @@ -180,89 +180,88 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { ) }, - ...(!hasMultipleSources - ? isHelm - ? [ - { - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     + ...(isHelm + ? [ + { + title: 'CHART', + view: ( + + {source.chart}:{source.targetRevision} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + services.repos.charts(src.repoURL).catch(() => new Array())}> + {(charts: models.HelmChart[]) => ( +
    +
    + chart.name), + filterSuggestions: true + }} + />
    - )} - - ) - } - ] - : [ - { - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }, - { - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - } - ] - : []), + { + const chartInfo = data.charts.find(chart => chart.name === data.chart); + return (chartInfo && chartInfo.versions) || new Array(); + }}> + {(versions: string[]) => ( +
    + + +
    + )} +     +
    + )} +     + ) + } + ] + : [ + { + title: 'TARGET REVISION', + view: , + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + }, + { + title: 'PATH', + view: ( + + {processPath(source.path)} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + } + ]), + { title: 'REVISION HISTORY LIMIT', view: app.spec.revisionHistoryLimit, diff --git a/ui/src/app/applications/components/applications-list/applications-summary.tsx b/ui/src/app/applications/components/applications-list/applications-summary.tsx index efff821a01def..0a77350fd1127 100644 --- a/ui/src/app/applications/components/applications-list/applications-summary.tsx +++ b/ui/src/app/applications/components/applications-list/applications-summary.tsx @@ -40,7 +40,7 @@ export const ApplicationsSummary = ({applications}: {applications: models.Applic }, { title: 'CLUSTERS', - value: new Set(applications.map(app => app.spec.destination.server || app.spec.destination.name)).size + value: new Set(applications.map(app => app.spec.destination.server)).size }, { title: 'NAMESPACES', diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index 5462ba4f7315b..52d2fef184703 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx +++ b/ui/src/app/applications/components/resource-details/resource-details.tsx @@ -40,7 +40,6 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { const tab = new URLSearchParams(appContext.history.location.search).get('tab'); const selectedNodeInfo = NodeInfo(new URLSearchParams(appContext.history.location.search).get('node')); const selectedNodeKey = selectedNodeInfo.key; - const [pageNumber, setPageNumber] = React.useState(0); const getResourceTabs = ( node: ResourceNode, @@ -116,7 +115,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { } ]); } - if (selectedNode?.kind === 'Pod' && execEnabled && execAllowed) { + if (selectedNode.kind === 'Pod' && execEnabled && execAllowed) { tabs = tabs.concat([ { key: 'exec', @@ -162,18 +161,23 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { content: updateApp(app, query)} /> }, { - title: 'SOURCES', - key: 'sources', + title: 'PARAMETERS', + key: 'parameters', content: ( - getSources(app)}> - {(details: RepoAppDetails[]) => ( + + services.repos.appDetails(AppUtils.getAppDefaultSource(app), app.metadata.name, app.spec.project).catch(() => ({ + type: 'Directory' as AppSourceType, + path: AppUtils.getAppDefaultSource(app).path + })) + }> + {(details: RepoAppDetails) => ( updateApp(app, query)} application={application} - details={details[0]} - detailsList={details} - pageNumber={pageNumber} - setPageNumber={setPageNumber} + details={details} /> )} @@ -364,32 +368,3 @@ export const ResourceDetails = (props: ResourceDetailsProps) => {
    ); }; - -// Maintain compatibility with single source field. Remove else block when source field is removed -async function getSources(app: models.Application) { - const listOfDetails = new Array(); - const sources: models.ApplicationSource[] = app.spec.sources; - if (sources) { - const length = sources.length; - for (let i = 0; i < length; i++) { - const aSource = sources[i]; - const repoDetail = await services.repos.appDetails(aSource, app.metadata.name, app.spec.project).catch(e => ({ - type: 'Directory' as AppSourceType, - path: aSource.path - })); - if (repoDetail) { - listOfDetails.push(repoDetail); - } - } - return listOfDetails; - } else { - const repoDetail = await services.repos.appDetails(AppUtils.getAppDefaultSource(app), app.metadata.name, app.spec.project).catch(() => ({ - type: 'Directory' as AppSourceType, - path: AppUtils.getAppDefaultSource(app).path - })); - if (repoDetail) { - listOfDetails.push(repoDetail); - } - return listOfDetails; - } -} diff --git a/ui/src/app/shared/components/editable-panel/editable-panel.scss b/ui/src/app/shared/components/editable-panel/editable-panel.scss index ee0d48e77d689..7da3f2c3fc55c 100644 --- a/ui/src/app/shared/components/editable-panel/editable-panel.scss +++ b/ui/src/app/shared/components/editable-panel/editable-panel.scss @@ -13,26 +13,6 @@ right: 3em; } - &__collapsible-button { - position: absolute; - top: 30px; - right: 30px; - } - - &__sticky-title { - z-index: 10; - opacity: 75%; - position: sticky; - padding-left: 15px; - padding-right: 15px; - margin-bottom: 5px; - text-align: center; - top: 0px; - text-overflow: ellipsis; - white-space: nowrap; - overflow: hidden; - } - .form-field__select { line-height: 15px; padding: 0; diff --git a/ui/src/app/shared/components/editable-panel/editable-panel.tsx b/ui/src/app/shared/components/editable-panel/editable-panel.tsx index 6567c7f4e3850..9e62711e0da7d 100644 --- a/ui/src/app/shared/components/editable-panel/editable-panel.tsx +++ b/ui/src/app/shared/components/editable-panel/editable-panel.tsx @@ -18,8 +18,6 @@ export interface EditablePanelItem { export interface EditablePanelProps { title?: string | React.ReactNode; - titleCollapsed?: string | React.ReactNode; - floatingTitle?: string | React.ReactNode; values: T; validate?: (values: T) => any; save?: (input: T, query: {validate?: boolean}) => Promise; @@ -29,15 +27,11 @@ export interface EditablePanelProps { view?: string | React.ReactNode; edit?: (formApi: FormApi) => React.ReactNode; hasMultipleSources?: boolean; - collapsible?: boolean; - collapsed?: boolean; - collapsedDescription?: string; } interface EditablePanelState { edit: boolean; saving: boolean; - collapsed: boolean; } require('./editable-panel.scss'); @@ -47,7 +41,7 @@ export class EditablePanel extends React.Component constructor(props: EditablePanelProps) { super(props); - this.state = {edit: !!props.noReadonlyMode, saving: false, collapsed: this.props.collapsed}; + this.state = {edit: !!props.noReadonlyMode, saving: false}; } public UNSAFE_componentWillReceiveProps(nextProps: EditablePanelProps) { @@ -61,130 +55,105 @@ export class EditablePanel extends React.Component public render() { return ( - {ctx => - this.props.collapsible && this.state.collapsed ? ( -
    this.setState({collapsed: !this.state.collapsed})}> -
    -
    {this.props.titleCollapsed ? this.props.titleCollapsed : this.props.title}
    -
    {this.props.collapsedDescription}
    -
    -
    - -
    -
    - ) : ( -
    - {this.props.floatingTitle &&
    {this.props.floatingTitle}
    } -
    - {!this.props.noReadonlyMode && this.props.save && ( -
    - {!this.state.edit && ( + {ctx => ( +
    +
    + {!this.props.noReadonlyMode && this.props.save && ( +
    + {!this.state.edit && ( + + )} + {this.state.edit && ( + + {' '} - )} - {this.state.edit && ( - - {' '} - + + )} +
    + )} + {this.props.title &&

    {this.props.title}

    } + {(!this.state.edit && ( + + {this.props.view} + {this.props.items + .filter(item => item.view) + .map(item => ( + + {item.before} +
    +
    {item.customTitle || item.title}
    +
    {item.view}
    +
    - )} -
    - )} - {this.props.collapsible && ( - -
    - { - this.setState({collapsed: !this.state.collapsed}); - }} - /> -
    -     - )} - {this.props.title &&

    {this.props.title}

    } - {(!this.state.edit && ( - - {this.props.view} - {this.props.items - .filter(item => item.view) - .map(item => ( + ))} + + )) || ( +
    (this.formApi = api)} + formDidUpdate={async form => { + if (this.props.noReadonlyMode && this.props.save) { + await this.props.save(form.values as any, {}); + } + }} + onSubmit={async input => { + try { + this.setState({saving: true}); + await this.props.save(input as any, {}); + this.setState({edit: false, saving: false}); + this.onModeSwitch(); + } catch (e) { + ctx.notifications.show({ + content: , + type: NotificationType.Error + }); + } finally { + this.setState({saving: false}); + } + }} + defaultValues={this.props.values} + validateError={this.props.validate}> + {api => ( + + {this.props.edit && this.props.edit(api)} + {this.props.items.map(item => ( {item.before}
    -
    {item.customTitle || item.title}
    -
    {item.view}
    +
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    +
    {(item.edit && item.edit(api)) || item.view}
     ))} -     - )) || ( - (this.formApi = api)} - formDidUpdate={async form => { - if (this.props.noReadonlyMode && this.props.save) { - await this.props.save(form.values as any, {}); - } - }} - onSubmit={async input => { - try { - this.setState({saving: true}); - await this.props.save(input as any, {}); - this.setState({edit: false, saving: false}); - this.onModeSwitch(); - } catch (e) { - ctx.notifications.show({ - content: , - type: NotificationType.Error - }); - } finally { - this.setState({saving: false}); - } - }} - defaultValues={this.props.values} - validateError={this.props.validate}> - {api => ( - - {this.props.edit && this.props.edit(api)} - {this.props.items.map(item => ( - - {item.before} -
    -
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    -
    {(item.edit && item.edit(api)) || item.view}
    -
    -     - ))} -     - )} - - )} -
    + + )} + + )}
    - ) - } +
    + )} ); } diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index bb88dcf3cc443..823c61c34dc9a 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -197,8 +197,6 @@ export interface ApplicationSource { plugin?: ApplicationSourcePlugin; directory?: ApplicationSourceDirectory; - - ref?: string; } export interface ApplicationSourceHelm { diff --git a/util/app/path/path.go b/util/app/path/path.go index fe08c3e86c3b9..d2bb166fa1b26 100644 --- a/util/app/path/path.go +++ b/util/app/path/path.go @@ -131,11 +131,13 @@ func AppFilesHaveChanged(refreshPaths []string, changedFiles []string) bool { f = ensureAbsPath(f) for _, item := range refreshPaths { item = ensureAbsPath(item) + changed := false if f == item { - return true + changed = true } else if _, err := security.EnforceToCurrentRoot(item, f); err == nil { - return true - } else if matched, err := filepath.Match(item, f); err == nil && matched { + changed = true + } + if changed { return true } } diff --git a/util/app/path/path_test.go b/util/app/path/path_test.go index b7afd47734082..11c746a87f3b6 100644 --- a/util/app/path/path_test.go +++ b/util/app/path/path_test.go @@ -144,14 +144,6 @@ func Test_AppFilesHaveChanged(t *testing.T) { {"absolute path, multi source - matching #2", getMultiSourceApp("/source/path", "other/path", "source/path"), []string{"source/path/my-deployment.yaml"}, true}, {"absolute path - not matching", getApp("/source/path1", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, {"absolute path, multi source - not matching", getMultiSourceApp("/source/path1", "other/path", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path * - matching", getApp("/source/**/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, true}, - {"glob path * - not matching", getApp("/source/**/my-service.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path ? - matching", getApp("/source/path/my-deployment-?.yaml", "source/path"), []string{"source/path/my-deployment-0.yaml"}, true}, - {"glob path ? - not matching", getApp("/source/path/my-deployment-?.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path char range - matching", getApp("/source/path[0-9]/my-deployment.yaml", "source/path"), []string{"source/path1/my-deployment.yaml"}, true}, - {"glob path char range - not matching", getApp("/source/path[0-9]/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"mixed glob path - matching", getApp("/source/path[0-9]/my-*.yaml", "source/path"), []string{"source/path1/my-deployment.yaml"}, true}, - {"mixed glob path - not matching", getApp("/source/path[0-9]/my-*.yaml", "source/path"), []string{"README.md"}, false}, {"two relative paths - matching", getApp(".;../shared", "my-app"), []string{"shared/my-deployment.yaml"}, true}, {"two relative paths, multi source - matching #1", getMultiSourceApp(".;../shared", "my-app", "other/path"), []string{"shared/my-deployment.yaml"}, true}, {"two relative paths, multi source - matching #2", getMultiSourceApp(".;../shared", "my-app", "other/path"), []string{"shared/my-deployment.yaml"}, true}, @@ -193,12 +185,12 @@ func Test_GetAppRefreshPaths(t *testing.T) { }{ {"default no path", &v1alpha1.Application{}, []string{}}, {"relative path", getApp(".", "source/path"), []string{"source/path"}}, + {"absolute path", getApp("/source/path", "source/path"), []string{"source/path"}}, {"absolute path - multi source", getMultiSourceApp("/source/path", "source/path", "other/path"), []string{"source/path"}}, {"two relative paths ", getApp(".;../shared", "my-app"), []string{"my-app", "shared"}}, {"file relative path", getApp("./my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}}, {"file absolute path", getApp("/source/path/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}}, {"file two relative paths", getApp("./README.md;../shared/my-deployment.yaml", "my-app"), []string{"my-app/README.md", "shared/my-deployment.yaml"}}, - {"glob path", getApp("/source/*/my-deployment.yaml", "source/path"), []string{"source/*/my-deployment.yaml"}}, {"empty path", getApp(".;", "source/path"), []string{"source/path"}}, } for _, tt := range tests { diff --git a/util/config/env.go b/util/config/env.go index d2007fba6af49..b6679bca7e460 100644 --- a/util/config/env.go +++ b/util/config/env.go @@ -1,10 +1,8 @@ package config import ( - "encoding/csv" "errors" "os" - "strconv" "strings" "github.com/kballard/go-shellquote" @@ -48,8 +46,8 @@ func loadFlags() error { // pkg shellquota doesn't recognize `=` so that the opts in format `foo=bar` could not work. // issue ref: https://github.com/argoproj/argo-cd/issues/6822 for k, v := range flags { - if strings.Contains(k, "=") && v == "true" { - kv := strings.SplitN(k, "=", 2) + if strings.Contains(k, "=") && strings.Count(k, "=") == 1 && v == "true" { + kv := strings.Split(k, "=") actualKey, actualValue := kv[0], kv[1] if _, ok := flags[actualKey]; !ok { flags[actualKey] = actualValue @@ -70,34 +68,3 @@ func GetFlag(key, fallback string) string { func GetBoolFlag(key string) bool { return GetFlag(key, "false") == "true" } - -func GetIntFlag(key string, fallback int) int { - val, ok := flags[key] - if !ok { - return fallback - } - - v, err := strconv.Atoi(val) - if err != nil { - log.Fatal(err) - } - return v -} - -func GetStringSliceFlag(key string, fallback []string) []string { - val, ok := flags[key] - if !ok { - return fallback - } - - if val == "" { - return []string{} - } - stringReader := strings.NewReader(val) - csvReader := csv.NewReader(stringReader) - v, err := csvReader.Read() - if err != nil { - log.Fatal(err) - } - return v -} diff --git a/util/config/env_test.go b/util/config/env_test.go index da0ae71ba18da..c19961813a457 100644 --- a/util/config/env_test.go +++ b/util/config/env_test.go @@ -54,63 +54,6 @@ func TestBooleanFlagAtEnd(t *testing.T) { assert.True(t, GetBoolFlag("foo")) } -func TestIntFlag(t *testing.T) { - loadOpts(t, "--foo 2") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagAtStart(t *testing.T) { - loadOpts(t, "--foo 2 --bar baz") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagInMiddle(t *testing.T) { - loadOpts(t, "--bar baz --foo 2 --qux") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagAtEnd(t *testing.T) { - loadOpts(t, "--bar baz --foo 2") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestStringSliceFlag(t *testing.T) { - loadOpts(t, "--header='Content-Type: application/json; charset=utf-8,Strict-Transport-Security: max-age=31536000'") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 2, len(strings)) - assert.Equal(t, "Content-Type: application/json; charset=utf-8", strings[0]) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[1]) -} - -func TestStringSliceFlagAtStart(t *testing.T) { - loadOpts(t, "--header='Strict-Transport-Security: max-age=31536000' --bar baz") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - -func TestStringSliceFlagInMiddle(t *testing.T) { - loadOpts(t, "--bar baz --header='Strict-Transport-Security: max-age=31536000' --qux") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - -func TestStringSliceFlagAtEnd(t *testing.T) { - loadOpts(t, "--bar baz --header='Strict-Transport-Security: max-age=31536000'") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - func TestFlagAtStart(t *testing.T) { loadOpts(t, "--foo bar") diff --git a/util/git/client.go b/util/git/client.go index bbd510c5d106b..d5ac7643aff45 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -705,7 +705,7 @@ func (m *nativeGitClient) IsAnnotatedTag(revision string) bool { } } -// ChangedFiles returns a list of files changed between two revisions +// returns the meta-data for the commit func (m *nativeGitClient) ChangedFiles(revision string, targetRevision string) ([]string, error) { if revision == targetRevision { return []string{}, nil diff --git a/util/git/creds.go b/util/git/creds.go index e0ca584ebb7ad..18698449082bf 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -277,9 +277,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if err != nil { return nil, nil, err } - - sshCloser := sshPrivateKeyFile(file.Name()) - defer func() { if err = file.Close(); err != nil { log.WithFields(log.Fields{ @@ -291,7 +288,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { _, err = file.WriteString(c.sshPrivateKey + "\n") if err != nil { - sshCloser.Close() return nil, nil, err } @@ -314,7 +310,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if c.proxy != "" { parsedProxyURL, err := url.Parse(c.proxy) if err != nil { - sshCloser.Close() return nil, nil, fmt.Errorf("failed to set environment variables related to socks5 proxy, could not parse proxy URL '%s': %w", c.proxy, err) } args = append(args, "-o", fmt.Sprintf("ProxyCommand='connect-proxy -S %s:%s -5 %%h %%p'", @@ -329,7 +324,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { } env = append(env, []string{fmt.Sprintf("GIT_SSH_COMMAND=%s", strings.Join(args, " "))}...) env = append(env, proxyEnv...) - return sshCloser, env, nil + return sshPrivateKeyFile(file.Name()), env, nil } // GitHubAppCreds to authenticate as GitHub application diff --git a/util/git/creds_test.go b/util/git/creds_test.go index 69c1150db881b..23a705ed33574 100644 --- a/util/git/creds_test.go +++ b/util/git/creds_test.go @@ -17,7 +17,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/cert" "github.com/argoproj/argo-cd/v2/util/io" - argoio "github.com/argoproj/gitops-engine/pkg/utils/io" ) type cred struct { @@ -303,37 +302,6 @@ func Test_SSHCreds_Environ_WithProxyUserNamePassword(t *testing.T) { } } -func Test_SSHCreds_Environ_TempFileCleanupOnInvalidProxyURL(t *testing.T) { - - // Previously, if the proxy URL was invalid, a temporary file would be left in /dev/shm. This ensures the file is cleaned up in this case. - - // countDev returns the number of files in /dev/shm (argoio.TempDir) - countFilesInDevShm := func() int { - entries, err := os.ReadDir(argoio.TempDir) - require.NoError(t, err) - - return len(entries) - } - - for _, insecureIgnoreHostKey := range []bool{false, true} { - tempDir := t.TempDir() - caFile := path.Join(tempDir, "caFile") - err := os.WriteFile(caFile, []byte(""), os.FileMode(0600)) - require.NoError(t, err) - creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}, ":invalid-proxy-url") - - filesInDevShmBeforeInvocation := countFilesInDevShm() - - _, _, err = creds.Environ() - require.Error(t, err) - - filesInDevShmAfterInvocation := countFilesInDevShm() - - assert.Equal(t, filesInDevShmBeforeInvocation, filesInDevShmAfterInvocation, "no temporary files should leak if the proxy url cannot be parsed") - - } -} - const gcpServiceAccountKeyJSON = `{ "type": "service_account", "project_id": "my-google-project", diff --git a/util/grpc/trace.go b/util/grpc/trace.go index 484e2b61dc253..7ecc5bc9647d0 100644 --- a/util/grpc/trace.go +++ b/util/grpc/trace.go @@ -17,8 +17,8 @@ var ( // see https://github.com/open-telemetry/opentelemetry-go-contrib/issues/4226 for details func ensureInitialized() { interceptorsInitialized.Do(func() { - otelUnaryInterceptor = otelgrpc.UnaryClientInterceptor() - otelStreamInterceptor = otelgrpc.StreamClientInterceptor() + otelUnaryInterceptor = otelgrpc.UnaryClientInterceptor() //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 + otelStreamInterceptor = otelgrpc.StreamClientInterceptor() //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 }) } diff --git a/util/helm/client.go b/util/helm/client.go index aab627cb7c4fb..8b99cd67c6904 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -32,8 +32,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/proxy" ) -//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=Client - var ( globalLock = sync.NewKeyLock() indexLock = sync.NewKeyLock() diff --git a/util/helm/mocks/Client.go b/util/helm/mocks/Client.go index a950d953b05a4..0acae845a3d33 100644 --- a/util/helm/mocks/Client.go +++ b/util/helm/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.25.1. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks @@ -28,32 +28,29 @@ func (_m *Client) CleanChartCache(chart string, version string) error { return r0 } -// ExtractChart provides a mock function with given fields: chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize +// ExtractChart provides a mock function with given fields: chart, version func (_m *Client) ExtractChart(chart string, version string, passCredentials bool, manifestMaxExtractedSize int64, disableManifestMaxExtractedSize bool) (string, io.Closer, error) { - ret := _m.Called(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + ret := _m.Called(chart, version) var r0 string - var r1 io.Closer - var r2 error - if rf, ok := ret.Get(0).(func(string, string, bool, int64, bool) (string, io.Closer, error)); ok { - return rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) - } - if rf, ok := ret.Get(0).(func(string, string, bool, int64, bool) string); ok { - r0 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + if rf, ok := ret.Get(0).(func(string, string) string); ok { + r0 = rf(chart, version) } else { r0 = ret.Get(0).(string) } - if rf, ok := ret.Get(1).(func(string, string, bool, int64, bool) io.Closer); ok { - r1 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + var r1 io.Closer + if rf, ok := ret.Get(1).(func(string, string) io.Closer); ok { + r1 = rf(chart, version) } else { if ret.Get(1) != nil { r1 = ret.Get(1).(io.Closer) } } - if rf, ok := ret.Get(2).(func(string, string, bool, int64, bool) error); ok { - r2 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + var r2 error + if rf, ok := ret.Get(2).(func(string, string) error); ok { + r2 = rf(chart, version) } else { r2 = ret.Error(2) } @@ -61,25 +58,22 @@ func (_m *Client) ExtractChart(chart string, version string, passCredentials boo return r0, r1, r2 } -// GetIndex provides a mock function with given fields: noCache, maxIndexSize +// GetIndex provides a mock function with given fields: noCache func (_m *Client) GetIndex(noCache bool, maxIndexSize int64) (*helm.Index, error) { - ret := _m.Called(noCache, maxIndexSize) + ret := _m.Called(noCache) var r0 *helm.Index - var r1 error - if rf, ok := ret.Get(0).(func(bool, int64) (*helm.Index, error)); ok { - return rf(noCache, maxIndexSize) - } - if rf, ok := ret.Get(0).(func(bool, int64) *helm.Index); ok { - r0 = rf(noCache, maxIndexSize) + if rf, ok := ret.Get(0).(func(bool) *helm.Index); ok { + r0 = rf(noCache) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(*helm.Index) } } - if rf, ok := ret.Get(1).(func(bool, int64) error); ok { - r1 = rf(noCache, maxIndexSize) + var r1 error + if rf, ok := ret.Get(1).(func(bool) error); ok { + r1 = rf(noCache) } else { r1 = ret.Error(1) } @@ -87,15 +81,11 @@ func (_m *Client) GetIndex(noCache bool, maxIndexSize int64) (*helm.Index, error return r0, r1 } -// GetTags provides a mock function with given fields: chart, noCache +// GetTags provides a mock function with given fields: noCache func (_m *Client) GetTags(chart string, noCache bool) (*helm.TagsList, error) { ret := _m.Called(chart, noCache) var r0 *helm.TagsList - var r1 error - if rf, ok := ret.Get(0).(func(string, bool) (*helm.TagsList, error)); ok { - return rf(chart, noCache) - } if rf, ok := ret.Get(0).(func(string, bool) *helm.TagsList); ok { r0 = rf(chart, noCache) } else { @@ -104,6 +94,7 @@ func (_m *Client) GetTags(chart string, noCache bool) (*helm.TagsList, error) { } } + var r1 error if rf, ok := ret.Get(1).(func(string, bool) error); ok { r1 = rf(chart, noCache) } else { @@ -118,16 +109,13 @@ func (_m *Client) TestHelmOCI() (bool, error) { ret := _m.Called() var r0 bool - var r1 error - if rf, ok := ret.Get(0).(func() (bool, error)); ok { - return rf() - } if rf, ok := ret.Get(0).(func() bool); ok { r0 = rf() } else { r0 = ret.Get(0).(bool) } + var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -136,18 +124,3 @@ func (_m *Client) TestHelmOCI() (bool, error) { return r0, r1 } - -type mockConstructorTestingTNewClient interface { - mock.TestingT - Cleanup(func()) -} - -// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewClient(t mockConstructorTestingTNewClient) *Client { - mock := &Client{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/util/tls/tls.go b/util/tls/tls.go index c7925b8325273..5e18c8eb75cda 100644 --- a/util/tls/tls.go +++ b/util/tls/tls.go @@ -28,7 +28,7 @@ const ( DefaultRSABits = 2048 // The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates // Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically. - DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" // The default minimum TLS version to provide to clients DefaultTLSMinVersion = "1.2" // The default maximum TLS version to provide to clients