upgrade to latest dependencies (#398)

knative-automation · web-flow · commit 29a1b6564e85 · 2022-10-18T14:37:10.000Z
bumping knative.dev/eventing 0fe923c...0fe923c:
bumping knative.dev/serving 6e597fa...d108ba9:
  &gt; d108ba9 Allow setting seccompProfile to enable using restricted security profile (# 13401)
  &gt; 388128b Run queue proxy with restricted profile (# 13376)

Signed-off-by: Knative Automation &lt;automation@knative.team&gt;

Signed-off-by: Knative Automation &lt;automation@knative.team&gt;
diff --git a/go.mod b/go.mod
@@ -13,10 +13,10 @@ require (
 	k8s.io/api v0.25.2
 	k8s.io/apimachinery v0.25.2
 	k8s.io/client-go v0.25.2
-	knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b
+	knative.dev/eventing v0.35.0
 	knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
 	knative.dev/pkg v0.0.0-20221011175852-714b7630a836
-	knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+	knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0
 )
 
 require (
diff --git a/go.sum b/go.sum
@@ -973,16 +973,16 @@ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkI
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b h1:fgr/yRUg7nHSP0GM4eVO9eRDNV129SrSL3NfPojL6KE=
-knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b/go.mod h1:MEqB5frQ5jQ2/A+WHpDU2VNLXum+4o7TiMhTdCvji9w=
+knative.dev/eventing v0.35.0 h1:0sn4Fc0OajdEf4s+0SucwzAIGvO3LZA/BZHsSwfjHes=
+knative.dev/eventing v0.35.0/go.mod h1:MEqB5frQ5jQ2/A+WHpDU2VNLXum+4o7TiMhTdCvji9w=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a h1:yfq1OMrkyYkxDeM0pmAOeN4YF16R/WG0C+VvLBeq4uc=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f h1:e/08+ofUjGjSYV2Usvb22IbkX4MjoiywbRtnXUK3FQY=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f/go.mod h1:GciicKYf4aWE138pT2ZKkZ/E10rd0Kt4ziX52A/HnVY=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836 h1:0N7Zo/O+xeUUebJPm9keBaGclrUoEbljr3J1MsqtaIM=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836/go.mod h1:DMTRDJ5WRxf/DrlOPzohzfhSuJggscLZ8EavOq9O/x8=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73 h1:8Z/YcMlmtXaIoB1Z7eG2Ek/WzN+742byNCHY7ygrVMI=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
+knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0 h1:vLJuyV7sOMlUHnxbs+OOJr6MI5xEBwvWOPHm7AGzpAs=
+knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@@ -600,12 +600,14 @@ func PodSecurityContextMask(ctx context.Context, in *corev1.PodSecurityContext)
 	out.RunAsNonRoot = in.RunAsNonRoot
 	out.FSGroup = in.FSGroup
 	out.SupplementalGroups = in.SupplementalGroups
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity
 	out.SELinuxOptions = nil
 	out.WindowsOptions = nil
 	out.Sysctls = nil
+	out.FSGroupChangePolicy = nil
 
 	return out
 }
@@ -631,6 +633,9 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev
 	// AllowPrivilegeEscalation when unset can behave the same way as true
 	// We do want the ability for folks to set this value to false
 	out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
+	// SeccompProfile defaults to "unconstrained", but the safe values are
+	// "RuntimeDefault" or "Localhost" (with localhost path set)
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1029,7 +1029,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b
+# knative.dev/eventing v0.35.0
 ## explicit; go 1.18
 knative.dev/eventing/pkg/adapter/v2
 knative.dev/eventing/pkg/adapter/v2/util/crstatusevent
@@ -1150,7 +1150,7 @@ knative.dev/pkg/tracker
 knative.dev/pkg/version
 knative.dev/pkg/webhook
 knative.dev/pkg/webhook/certificates/resources
-# knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+# knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1
