arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 08:08:07 +00:00
Code Issues Releases Wiki Activity
1,079 Commits 4 Branches 82 Tags 157 MiB
a9422a6623
Commit Graph

76 Commits

Author SHA1 Message Date
mjshastha
f8b6f2fc19
chore: fixed vulns - bump Go version (#1687) 2024-09-24 12:12:40 +06:00
dependabot[bot]
5a3fd1d896
build(deps): bump golang from 1.22.2 to 1.22.4 (#1629) 
Bumps golang from 1.22.2 to 1.22.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-04 08:46:34 +03:00
Andy Pitcher
7027b6b2ec
Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617) 
* Create cis-1.9 yamls and Update info
      - policies.yaml
          - 5.1.1 to 5.1.6 were adapted from Manual to Automated
          - 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2
          - 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2
          - version was set to cis-1.9
       - node.yaml master.yaml controlplane.yaml etcd.yaml
          - version was set to cis-1.9

* Adapt master.yaml
    - Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification
    - Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)
    - Adjust numbering from 1.2.12 to 1.2.29

* Adjust policies.yaml
   - Check 5.2.3 to 5.2.9 Title Automated to Manual

* Append node.yaml
   - Create 4.3 kube-config group
   - Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated)

* Adjust policies 5.1.3 and 5.1.6

   - Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant)
   - Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts

* Add kubectl dependency and update publish
   - Download kubectl (build stage) based on version and architecture
   - Add binary checksum verification
   - Use go env GOARCH for ARCH
 2024-06-26 15:53:57 +03:00
dependabot[bot]
d8fc37649a
build(deps): bump alpine from 3.19.1 to 3.20.0 (#1621) 
Bumps alpine from 3.19.1 to 3.20.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-31 17:28:56 +03:00
dependabot[bot]
2a8615befd
build(deps): bump golang from 1.22.1 to 1.22.2 (#1596) 
Bumps golang from 1.22.1 to 1.22.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-03 19:35:58 +03:00
dependabot[bot]
dc7441620f
build(deps): bump golang from 1.22.0 to 1.22.1 (#1583) 
Bumps golang from 1.22.0 to 1.22.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-29 14:10:34 +03:00
dependabot[bot]
f297da6603
build(deps): bump golang from 1.21.6 to 1.22.0 (#1569) 
Bumps golang from 1.21.6 to 1.22.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2024-02-19 09:51:35 +02:00
dependabot[bot]
72eee4b7a4
build(deps): bump alpine from 3.19.0 to 3.19.1 (#1557) 
Bumps alpine from 3.19.0 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2024-02-19 09:15:28 +02:00
dependabot[bot]
628999c9c5
build(deps): bump golang from 1.21.5 to 1.21.6 (#1549) 
Bumps golang from 1.21.5 to 1.21.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2024-01-26 13:12:14 +02:00
dependabot[bot]
39c29fb07a
build(deps): bump alpine from 3.18.3 to 3.19.0 (#1535) 
Bumps alpine from 3.18.3 to 3.19.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2024-01-12 08:01:55 +02:00
dependabot[bot]
f353bc4cba
build(deps): bump golang from 1.21.3 to 1.21.5 (#1534) 
Bumps golang from 1.21.3 to 1.21.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 09:28:12 +02:00
dependabot[bot]
dc0580cebe
build(deps): bump golang from 1.21.1 to 1.21.3 (#1507) 
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-03 18:33:42 +02:00
dependabot[bot]
e1c6c80d02
build(deps): bump golang from 1.20.6 to 1.21.1 (#1494) 
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-16 12:59:20 +03:00
dependabot[bot]
3ef3e9a861
build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487) 
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-09 21:37:29 +03:00
Jonas-Taha El Sesiy
20ad80577c
Bump docker base images (#1465) 
During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE.

```
grype aquasec/kube-bench:v0.6.15
 ✔ Vulnerability DB        [no update available]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [73 packages]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible
   └── 4 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
libssl3     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
openssl     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
```

The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly
 2023-07-26 18:22:19 +03:00
dependabot[bot]
a727d73e8a
build(deps): bump golang from 1.19.4 to 1.20.4 (#1436) 
Bumps golang from 1.19.4 to 1.20.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-10 18:07:26 +03:00
dependabot[bot]
84f80b59b8
build(deps): bump alpine from 3.17 to 3.18 (#1443) 
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-26 13:41:30 +03:00
Devendra Turkar
96c6b385ef
chore: publish ubi based image (#1412) 
* chore: publish ubi based image

- added publish step to publish ubi image
- updated base image for alpine based dockerfile

* chore: update pipeline image to ubuntu-latest
 2023-04-05 13:02:36 +03:00
dependabot[bot]
465c16fe4b
build(deps): bump golang from 1.19.3 to 1.19.4 (#1345) 
Bumps golang from 1.19.3 to 1.19.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-22 16:10:46 +02:00
dependabot[bot]
e096229a5a
build(deps): bump alpine from 3.16.2 to 3.17.0 (#1332) 
Bumps alpine from 3.16.2 to 3.17.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-02 19:06:02 +02:00
dependabot[bot]
d5039002af
build(deps): bump golang from 1.19.2 to 1.19.3 (#1318) 
Bumps golang from 1.19.2 to 1.19.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-01 14:35:26 +02:00
dependabot[bot]
bb3c8e9685
build(deps): bump golang from 1.19.0 to 1.19.2 (#1299) 
Bumps golang from 1.19.0 to 1.19.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-17 20:24:30 +03:00
chenk
e05dabe0a9
chore: replace gclib alpine pkg (#1280) 
* chore: replace gclib alpine pkg

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: replace gclib alpine pkg

Signed-off-by: chenk <hen.keinan@gmail.com>

Signed-off-by: chenk <hen.keinan@gmail.com>
 2022-09-14 16:59:58 +03:00
dependabot[bot]
7146b65da4
build(deps): bump golang from 1.18.3 to 1.19.0 (#1237) 
Bumps golang from 1.18.3 to 1.19.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-10 14:17:46 -03:00
dependabot[bot]
1c46d386a8
build(deps): bump alpine from 3.16.0 to 3.16.2 (#1240) 
Bumps alpine from 3.16.0 to 3.16.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-10 14:00:09 -03:00
dependabot[bot]
b6bc27db17
Bump golang from 1.18.2 to 1.18.3 (#1199) 
Bumps golang from 1.18.2 to 1.18.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-06 22:37:41 +03:00
dependabot[bot]
3f85968c3c
Bump alpine from 3.15.4 to 3.16.0 (#1193) 
Bumps alpine from 3.15.4 to 3.16.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-03 18:19:44 +03:00
dependabot[bot]
e0704da7d0
Bump golang from 1.18.1 to 1.18.2 (#1181) 
Bumps golang from 1.18.1 to 1.18.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-01 15:40:20 +03:00
dependabot[bot]
aea61c93c7
Bump golang from 1.18.0 to 1.18.1 (#1155) 
Bumps golang from 1.18.0 to 1.18.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-19 08:03:43 +03:00
dependabot[bot]
48b80f8f01
Bump alpine from 3.15.2 to 3.15.4 (#1146) 
Bumps alpine from 3.15.2 to 3.15.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-12 15:12:21 +03:00
dependabot[bot]
b3902d2d14
Bump alpine from 3.15.1 to 3.15.2 (#1130) 
Bumps alpine from 3.15.1 to 3.15.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-29 09:32:10 +03:00
dependabot[bot]
55c5b981cf
Bump alpine from 3.15.0 to 3.15.1 (#1119) 
Bumps alpine from 3.15.0 to 3.15.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2022-03-23 09:38:08 +02:00
dependabot[bot]
021bb13b05
Bump golang from 1.17.8 to 1.18.0 (#1118) 
Bumps golang from 1.17.8 to 1.18.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-22 17:23:08 +02:00
dependabot[bot]
675515a9b0
Bump golang from 1.17.7 to 1.17.8 (#1110) 
Bumps golang from 1.17.7 to 1.17.8.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2022-03-08 11:08:52 +02:00
dependabot[bot]
e2599b1e06
Bump golang from 1.17.6 to 1.17.7 (#1095) 
Bumps golang from 1.17.6 to 1.17.7.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2022-03-03 16:46:34 +02:00
dependabot[bot]
d3cbc64476
Bump golang from 1.17.5 to 1.17.6 (#1079) 
Bumps golang from 1.17.5 to 1.17.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-12 14:16:56 +02:00
dependabot[bot]
1fbf2ca403
Bump golang from 1.17.4 to 1.17.5 (#1071) 
Bumps golang from 1.17.4 to 1.17.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-12-29 17:33:30 +02:00
dependabot[bot]
26b07a8a4c
Bump golang from 1.17.3 to 1.17.4 (#1062) 
Bumps golang from 1.17.3 to 1.17.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-12-09 11:50:30 +02:00
dependabot[bot]
0ce8a92226
Bump alpine from 3.14.3 to 3.15.0 (#1056) 
Bumps alpine from 3.14.3 to 3.15.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-12-01 11:53:40 +02:00
dependabot[bot]
29c403edbe
Bump alpine from 3.14.2 to 3.14.3 (#1046) 
Bumps alpine from 3.14.2 to 3.14.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-11-18 16:52:34 +02:00
dependabot[bot]
00be5e3912
Bump golang from 1.17.2 to 1.17.3 (#1043) 
Bumps golang from 1.17.2 to 1.17.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-11 13:43:16 +02:00
Huang Huang
beaad3bab2
Support arm64 architecture (#1036) 
* Support arm64 architecture

* remove .github/workflows/test_docker.yml

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-11-08 14:06:44 +02:00
dependabot[bot]
cc619e5aef
Bump golang from 1.17.1 to 1.17.2 (#1019) 
Bumps golang from 1.17.1 to 1.17.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-10-28 13:54:29 +03:00
dependabot[bot]
2662c07e2b
Bump golang from 1.17.0 to 1.17.1 (#988) 
Bumps golang from 1.17.0 to 1.17.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-19 15:26:10 +03:00
Dave Hay
6d758d2011
Update/upgrade Alpine before installing openssl (#981) 
Mitigating CVE-2021-3711 and CVE-2021-3712

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-09-05 17:48:33 +03:00
dependabot[bot]
2b6d21a652
Bump alpine from 3.14.1 to 3.14.2 (#977) 
Bumps alpine from 3.14.1 to 3.14.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-01 10:00:35 +03:00
dependabot[bot]
89a7e7a82d
Bump golang from 1.16 to 1.17.0 (#973) 
Bumps golang from 1.16 to 1.17.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-08-30 11:47:18 +03:00
dependabot[bot]
ee1fd825a7
Bump alpine from 3.14.0 to 3.14.1 (#956) 
Bumps alpine from 3.14.0 to 3.14.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-10 12:04:15 +03:00
Matthieu MOREL
8ac8ebfc2a
Update Dependencies (#941) 
* Create dependabot.yml

* Bump crazy-max/ghaction-docker-meta from 1 to 3.4.0 (#1)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 1 to 3.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v1...v3.4.0)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update .yamllint.yaml

* Update .yamllint.yaml

* Update dependabot.yml

* Update dependabot.yml

* Bump github.com/onsi/ginkgo from 1.10.1 to 1.16.4 (#2)

Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.10.1 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.10.1...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/stretchr/testify from 1.4.0 to 1.7.0 (#4)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.4.0 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.4.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/fatih/color from 1.5.0 to 1.12.0 (#6)

Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.5.0 to 1.12.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.5.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/magiconair/properties from 1.8.0 to 1.8.5 (#3)

Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.0 to 1.8.5.
- [Release notes](https://github.com/magiconair/properties/releases)
- [Changelog](https://github.com/magiconair/properties/blob/main/CHANGELOG.md)
- [Commits](https://github.com/magiconair/properties/compare/v1.8.0...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.35.28 to 1.39.6 (#7)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.35.28 to 1.39.6.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.35.28...v1.39.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#8)

Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-yaml/yaml/releases)
- [Commits](https://github.com/go-yaml/yaml/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: gopkg.in/yaml.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/spf13/viper from 1.4.0 to 1.8.1 (#9)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.4.0 to 1.8.1.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.4.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/spf13/cobra from 0.0.3 to 0.0.7 (#10)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 0.0.3 to 0.0.7.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v0.0.3...0.0.7)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.39.6 to 1.40.0 (#11)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.39.6 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.39.6...v1.40.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump crazy-max/ghaction-docker-meta from 3.4.0 to 3.4.1 (#12)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v3.4.0...v3.4.1)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.0 to 1.40.1 (#13)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.0 to 1.40.1.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.0...v1.40.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.1 to 1.40.7 (#21)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.1 to 1.40.7.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.1...v1.40.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump codecov/codecov-action from 1 to 2.0.2 (#20)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update build.yml

* Update mkdocs-deploy.yaml

* Update publish.yml

* Update mkdocs-deploy.yaml

* Bump github.com/aws/aws-sdk-go from 1.40.7 to 1.40.9 (#23)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.7 to 1.40.9.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.7...v1.40.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update .github/workflows/publish.yml

* Update .github/workflows/build.yml

* Update mkdocs-deploy.yaml

* Update build.yml

* Update dependabot.yml

* Update dependabot.yml

* Bump alpine from 3.13 to 3.14.0 (#27)

Bumps alpine from 3.13 to 3.14.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.9 to 1.40.13 (#28)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.9 to 1.40.13.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.9...v1.40.13)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-04 11:38:18 +03:00
Dave Hay
222e696934
Upgrading apk-tools (#944) 
Upgrading apk-tools to remediate CVE-2021-36159
( https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752 )

Fixes #943

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
 2021-08-03 17:21:24 +03:00